NUS and CSA to establish S$20 million CyberSG Talent, Innovation and Growth Collaboration Centre to address growing demand for robust cybersecurity solutions

NUS-CSA CyberSG TIG Collaboration Centre_NN1
Mrs Josephine Teo, Minister for Communications and Information, looking on as Mr David Koh, Chief Executive, Cyber Security Agency of Singapore (extreme left) and Professor Chen Tsuhan, NUS Deputy President (Innovation and Enterprise) exchange Memorandum of Understanding documents.

NUS has partnered Cyber Security Agency of Singapore (CSA) to establish a new S$20 million NUS-CSA CyberSG Talent, Innovation and Growth (TIG) Collaboration Centre. This initiative, unveiled during the Cybersecurity Industry Innovation Day on 29 September 2023, aims to establish Singapore as the premier global cybersecurity innovation hub for economic growth. It will play a key role in achieving the objectives set out in CSA’s S$50 million Cyber TIG Plan to uplift Singapore’s cybersecurity sector.

In today’s interconnected digital world, the need for sophisticated and trusted cybersecurity solutions has reached unprecedented levels. With Southeast Asia’s digital economy projected to reach US$1 trillion by 2030 and Internet users on the rise[1], a strong cybersecurity industry is essential. Beyond safeguarding Singapore’s digital future and cybersecurity resilience, especially amid recent scams and cybercrimes[2], the CyberSG TIG Collaboration Centre bolsters Singapore’s reputation as a trusted digital hub and aspires to help advance cybersecurity as an emerging economic driver for Singapore.

Speaking at the Cybersecurity Industry Innovation Day, Mrs Josephine Teo, Minister for Communications and Information, said, “Under the Cyber TIG Plan, we will establish a new physical node at NUS, called the CyberSG TIG Collaboration Centre. This new Centre has three aims: to integrate CSA’s existing initiatives; to explore new talent and innovation initiatives; and to bring together industry, end users, investors, trade and professional associations, cyber professionals and government agencies.”

 

NUS-CSA CyberSG TIG Collaboration Centre to help build a vibrant cybersecurity ecosystem

The CyberSG TIG Collaboration Centre will address dependencies between cybersecurity talent, innovation, and growth for the industry, by serving as a convening platform to integrate and create relevant programmes for industry and talent development in Singapore, and a global node for international cooperation on innovation. It will help build a vibrant cybersecurity ecosystem by bringing together local and international cybersecurity stakeholders, including industry, academia, cybersecurity professionals and government stakeholders to leverage the opportunities posed by digitalisation.

The CyberSG TIG Collaboration Centre will also build upon NUS Enterprise’s entrepreneurial academic programmes and extensive global BLOCK71 network, providing cybersecurity talents and companies with access to resources and opportunities for growth, particularly through ICE71, which operates the first cybersecurity-focused accelerator in Singapore.

Professor Tan Eng Chye, President of NUS, said, “Singapore’s standing as a digital innovation hub underscores the importance of cybersecurity, not only for national security but increasingly as a key driver for economic growth. To build a cyber-resilient nation, we need to develop a robust cybersecurity ecosystem fuelled by innovation and entrepreneurship. Our collaboration with CSA to set up the NUS-CSA CyberSG TIG Collaboration Centre leverages the University’s strengths, including ready innovation platforms, entrepreneurial academic programmes, a global ecosystem network and multi-disciplinary resources. We aim to promote growth in the cybersecurity sector and enhance cybersecurity capabilities across industry sectors, enabling them to be future-ready.”

The CyberSG TIG Collaboration Centre’s strategic initiatives are structured around three core pillars, each designed to complement and synergise with the others through collaborations with cybersecurity stakeholders including academia, industry, government and international organisations:

1. Talent

This foundational pillar focuses on building a pipeline of skilled cybersecurity professionals and expanding cybersecurity capabilities across industry sectors. NUS will take on the role of an integrated programme manager, working closely with CSA to jointly plan and better synergise CSA’s Talent & Skills Development programmes, including SG Cyber Youth and Associates, as well as identify and collaborate with potential partners to co-deliver impactful programmes supported by CSA’s Talent Development Fund. This will help ensure that the talent programmes remain relevant to the current cybersecurity landscape and industry needs.

SG Cyber Youth will leverage the success of the NUS Overseas Colleges (NOC) programme. Through NOC, students will be placed in prominent entrepreneurial and cybersecurity hubs worldwide, offering them valuable exposure to global innovation and entrepreneurship opportunities.

2. Innovation

The Innovation pillar involves co-innovation with industry, bridging the path from innovation to commercialisation, and nurturing promising cybersecurity companies for Singapore and the region. For example, CSA collaborates with NUS to co-organise the Cybersecurity Industry Call for Innovation (CyberCall), an annual cybersecurity innovation challenge that invites companies to participate and co-develop innovative solutions targeting critical cybersecurity challenges faced in Singapore. Through working with partners who are key demand drivers for cybersecurity solutions, this strengthens partner organisations’ cyber resilience, while providing opportunities for cybersecurity companies to address market gaps and accelerate the adoption of cutting-edge solutions in Singapore.

Drawing on the experience of ICE71, an upcoming cybersecurity-focused CyberBoost programme is tailored to provide comprehensive support for the growth of promising cybersecurity companies. To cater to the diverse needs of companies at various stages of development, CyberBoost includes two variants: one designed for early-stage companies looking to test, validate and build a Minimum Viable Product; and the other for companies ready to scale their cybersecurity solutions in Singapore and beyond.

3. Growth

The Growth pillar aims to enable cybersecurity companies anchored in Singapore to scale regionally and globally, thus growing their businesses. An enhanced CyberGrowth programme will facilitate the international expansion of local cybersecurity companies through various initiatives such as development of playbooks, equipping companies with valuable insights into the cybersecurity landscape and business opportunities, organising cyber-focused business missions and more.

Mr David Koh, Commissioner of Cybersecurity and Chief Executive of CSA, said, “Workforce and ecosystem development are the foundations of Singapore’s 2021 Cybersecurity Strategy. The CyberSG TIG Collaboration Centre will play an important role in bringing together ecosystem stakeholders to develop innovative solutions and grow talent. This effort complements our other effort in CyberSG R&D Programme office at NTU. We are excited to work with NUS and NTU in these complementary efforts for the cybersecurity team.”

 

NUS partners with ISTARI to support the Centre’s ambition

Collaboration with diverse partners is essential for the CyberSG TIG Collaboration Centre’s success. To kickstart these collaborative efforts, NUS signed a second Memorandum of Understanding (MOU) at the Cybersecurity Innovation Day, with ISTARI, the global cybersecurity platform established by Temasek.

This strategic partnership will advance the CyberSG TIG Collaboration Centre’s objectives and encompasses three key areas that include internship opportunities with cybersecurity companies for students participating in the NOC programme. In addition, ISTARI will facilitate mentorship opportunities for NOC students, connecting them with seasoned entrepreneurs and investors within its ecosystem. Lastly, NUS and ISTARI will jointly organise events to enhance cyber resilience in the region.

Ms Rashmy Chatterjee, Chief Executive Officer of ISTARI, said, “Our founding promise at ISTARI is the idea of collective power. Together, as an ecosystem, we can be stronger. That’s why it is an honour and privilege to partner with NUS, one of the world’s leading universities, to ensure we develop the next generation of talent in Singapore. As a collaboration, we can collectively help make Singapore the premier global cybersecurity hub for innovation and talent.”

 

The Cybersecurity Innovation Day also saw NUS and ISTARI exchanging Memorandum of Understanding documents. In the photo are (from left to right) Professor Chee Yeow Meng, NUS Vice President (Innovation and Enterprise); Mrs Josephine Teo, Minister for Communications and Information; and Mr Rossa Shanks, Chief Marketing Officer, ISTARI Global Limited.

 

CyberCall 2022 awardees and launch of CyberCall 2023 challenge statements

Launched by CSA in collaboration with NUS, CyberCall is dedicated to fostering innovative cybersecurity solutions, bolstering cyber resilience for organisations, and promoting the adoption of cutting-edge cybersecurity solutions in Singapore.

Presenting seven challenge statements, CyberCall 2022 received proposals from over 50 local and international companies. Following a rigorous selection process involving assessments by end-users, a technical review panel, and CSA’s inter-division panel, four outstanding proposals were chosen for their effectiveness in addressing various cybersecurity issues, ranging from cyber-attack prevention to data privacy preservation in digital forensics. The CyberCall 2022 awardees were announced at the event, with each recipient securing funding of up to S$1,000,000 from CSA’s Cybersecurity Co-Innovation and Development Fund to realise their innovative solutions.

CyberCall 2023 is currently accepting submissions targeting cybersecurity challenges in sectors like manufacturing, maritime, healthcare, and energy and utilities till 30 November 2023. Cybersecurity companies with shortlisted proposals will have the opportunity to engage in in-depth discussions with participating end-users to explore co-innovation, adoption, and test-bedding possibilities. More information is available here.

 

By NUS Enterprise


[1] Southeast Asia’s online economy is still on track to reach US$1 trillion by 2030 as online shopping becomes the norm, according to the report. The region also continues to see growth in the number of Internet users — with 20 million new users added in 2022, raising the total number of users to 460 million. (Source: CNBC)

[2] The Asia Pacific (APAC) region is experiencing a huge increase in cyberattacks compared to its global counterparts, with the average annual cost of cybercrime expected to soar from US$8.4 trillion in 2022 to more than US$23 trillion in 2027. (Source: World Economic Forum)

ICE71 Startup Responsible Cyber Secures License for Penetration Testing in Singapore

ICE71 Accelerate alum, Responsible Cyber, has earned the license to provide Penetration Testing Services in Singapore (License No: CS/PTS/C-2023-0413). Congratulations! Read the press release below:


Expertise recognised by Singapore’s regulators
The cyber landscape is morphing every day, with threats becoming more sophisticated and persistent. In such times, the official nod to Responsible Cyber couldn’t come at a more opportune moment. Responsible Cyber is now perfectly positioned to be the guardians for businesses in Singapore, helping them stay agile and secure against the ever-shifting cyber tide.

For companies looking to fortify their digital walls, there’s a message here: engaging with licensed players like Responsible Cyber is the way to go. This license isn’t just a stamp; it’s a promise that you’re in partnership with a team recognized for its expertise and dedication by our very own regulators.

Helping digital businesses in Singapore thrive safely
Dr. Magda Chelly, the driving force behind Responsible Cyber, shared her excitement, “This license is more than just an achievement for us. It’s a testament to our unwavering commitment to ensure the digital sanctity of businesses in Singapore. We’re here, more equipped than ever, to make sure companies can thrive safely in this digital age.”

When you partner with Responsible Cyber, you’re not just getting a service; you’re aligning with a vision – a vision of a safer, more secure digital future, backed by the very latest in cybersecurity research and action.

Responsible Cyber goes to Cyber Security World Asia 2023
This year, Responsible Cyber is gearing up to mesmerize attendees at Cyber Security World Asia 2023. The booth, is shaping up to be an intellectual carnival, an amalgamation of advanced tech, passionate discussions, and a spirit of collective growth. It’s not just a booth; it’s a nexus of the future of cybersecurity, sprinkled with some delightful Singaporean charm.

So, what’s setting the rumor mills abuzz? Enter, IMMUNE X-TPRM. This isn’t just another platform; it’s Responsible Cyber’s heart and soul translated into tech. It’s their mission to foster trust and safety in our shared digital universe. Echoing Dr. Chelly’s sentiments, “Cybersecurity is a canvas where technology meets humanity. It’s not just about safeguarding data; it’s about ensuring that every byte, every bit, resonates with security, trust, and integrity.”

About Responsible Cyber Pte. Ltd.
Born in Singapore’s dynamic landscape in 2016, Responsible Cyber was the brainchild of industry aces Magda Chelly and Mikko Laaksonen. Today, their influence spans from the UK and France to Poland. With strong backing from giants like Singtel Innov8 and NUS Enterprise, they’ve been trailblazing with their AI-driven tools, IMMUNE X-TPRM and IMMUNE GRC, each designed to address today’s digital challenges.
For a deep dive into their universe, pop over to www.responsible-cyber.com.

ICE71 Startup Responsible Cyber Achieves Cyber Essentials Certification

Congratulations to homegrown ICE71 startup, Responsible Cyber, on being awarded the Cyber Essentials certification by the Cyber Security Agency of Singapore (CSA). Read the press release below.


Responsible Cyber, an illustrious graduate startup from ICE71’s pioneering program, announced its triumphant attainment of the coveted Cyber Essentials certification, setting a benchmark for cyber excellence in Singapore’s vibrant digital landscape.

This milestone isn’t just an emblem of Responsible Cyber’s commitment to safeguarding the digital realm, but it heralds a clarion call to other SMEs. The achievement underscores their role as a beacon for businesses, big or small, demystifying the often complex web of cybersecurity.

Responsible Cyber’s luminary Co-Founder and Managing Director, Dr. Magda Chelly, shared profound insights, “We advocate for robust cybersecurity practices, and to resonate with authenticity, we put ourselves to the test. By achieving the Cyber Essentials mark, we’ve showcased that prioritizing cyber health isn’t an exorbitant task but a feasible journey for every enterprise.”

Beyond certification, Responsible Cyber’s ethos champions continuous evolution. Wayne Yan, Project and Compliance Manager, remarked, “While the certification outlines the foundation, the true essence lies in ceaseless adaptation. Our guiding compass? Safeguarding entrusted data and fostering a culture of resilience and innovation.”

In a world where digital threats loom large, this certification, introduced by CSA in 2022, stands as a testament to a firm’s dedication to mitigating common cyber vulnerabilities. However, Responsible Cyber stresses it’s the starting line, not the finish. Dr. Chelly avers, “The digital realm is ever-evolving. While we’re honored by this certification, our eyes are already set on the horizon, ensuring we remain at the pinnacle of cyber readiness.”

Co-founder Mikko Laaksonen eagerly shared the company’s forward momentum, “As we celebrate today’s accomplishment, our sights are already set on the next milestone: the Cyber Trust mark certification.”

As cyber threats evolve, Responsible Cyber emerges not just as a guardian but an inspiration. Their certification journey beckons SMEs to rise to the challenge, fortifying themselves in this digital age. Their story is an affirmation: Cyber readiness is not a luxury but a necessity, accessible and achievable.

ICE71 start-up Aires Applied Tech and Software Development company Techzu join Forces to Propel SMEs into a Secure Digital Future

Congratulations to ICE71 Accelerate 2023 start-up, Aires Applied Tech on signing a new partnership with fellow home-grown software development company, Techzu!
Read the official announcement below.

A Strategic Partnership for Affordable and Advanced Digital Solutions for Singapore SMEs
Singapore, [24 Jul 2023] – Techzu Ichicode Pte Ltd (Techzu), a leading Singapore-based software development company, and Aires Applied Tech Pte Ltd (AAT), a trailblazing research & development firm, have officially signed an MOU agreement at ICE71, cementing their commitment to revolutionize SMEs in Singapore. This strategic collaboration aims to deliver cost-effective and cutting-edge digital solutions, fortified with the latest security technology, to empower SMEs on their digitalization journey and elevate their business potential securely.

Techzu Ichicode Pte Ltd: Enabling SME Digitalization with Tailor-Made Software Solutions
Techzu has established itself as a prominent player in the software development industry, dedicated to empowering SMEs with customized enterprise software. Leveraging available government grants, Techzu facilitates seamless digitalization for SMEs by providing them with tailored Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), Project Management Systems, and more.

Aires Applied Tech Pte Ltd: Pioneering Innovation in Cybersecurity and AI
Aires Applied Tech has become a key player in research & development, focused on exploring cutting-edge technologies. With a strong emphasis on Cybersecurity, Artificial Intelligence (AI), and Data Encryption, Aires Applied Tech enjoys the support of Enterprise Singapore and NUS. As a member of ICE71, the firm is committed to elevating security standards in the digital landscape.

A Collaborative Mission for Enhanced Security and Digital Transformation

The formalization of the MOU heralds the start of a promising partnership between Techzu and Aires Applied Tech. The primary objective of this collaboration is to empower SMEs in Singapore with transformative digital solutions, reinforced by state-of-the-art security technology. By merging Techzu’s expertise in software development with Aires Applied Tech’s cutting-edge research in cybersecurity, this partnership offers a dynamic blend of innovation and security to propel SMEs towards unparalleled digital growth.

Empowering SMEs with Enhanced Investment Opportunities
This collaboration offers Singapore startups a competitive edge in attracting investment opportunities. Through the fusion of Techzu’s bespoke digital solutions and Aires Applied Tech’s advanced cybersecurity measures, startups can confidently attract potential investors. The emphasis on innovation and security not only enhances their market appeal but also instils trust and confidence in the protection of sensitive information, bolstering the overall operations of SMEs.

Empowering SMEs with Robust Digital Solutions
At the heart of this alliance is the shared vision to empower SMEs in Singapore with seamless digital transformation. By harnessing the latest security technology, businesses can confidently navigate the digital landscape while fortifying themselves against potential cybersecurity threats.

Empowering SMEs: Embrace a Secure Digital Future
The strategic collaboration between Techzu and Aires Applied Tech lies a potent solution to mitigate ransomware incidents, especially for visionary SME owners eager to embrace digitalization and future-proof their businesses. Given the resource limitations most SMEs face in countering cyber threats (“Phishing and Ransomware,” 2023), this partnership empowers SMEs to proactively protect against ransomware attacks, effectively reducing the risk of successful breaches. Furthermore, with the availability of possible government grants, SMEs can confidently embark on their digitalization journey, knowing they have the necessary assurance and support.

Take the first step towards securing your business’s future. Explore the transformative solutions offered by Techzu and Aires Applied Tech today. Together, let’s unlock your business’s full potential in the digital era.

For inquiries and more information on available digital solutions and government grants, reach out to us and embark on a secure and prosperous future for your business.

Techzu and ICE71 start-up Aires Applied Tech Join Forces to Propel SMEs into a Secure Digital Future

Congratulations to ICE71 Accelerate 2023 start-up, Aires Applied Tech on signing a new partnership with fellow home-grown software development company, Techzu!
Read the official announcement below.

A Strategic Partnership for Affordable and Advanced Digital Solutions for Singapore SMEs
Singapore, [24 Jul 2023] – Techzu Ichicode Pte Ltd (Techzu), a leading Singapore-based software development company, and Aires Applied Tech Pte Ltd (AAT), a trailblazing research & development firm, have officially signed an MOU agreement at ICE71, cementing their commitment to revolutionize SMEs in Singapore. This strategic collaboration aims to deliver cost-effective and cutting-edge digital solutions, fortified with the latest security technology, to empower SMEs on their digitalization journey and elevate their business potential securely.

Techzu Ichicode Pte Ltd: Enabling SME Digitalization with Tailor-Made Software Solutions
Techzu has established itself as a prominent player in the software development industry, dedicated to empowering SMEs with customized enterprise software. Leveraging available government grants, Techzu facilitates seamless digitalization for SMEs by providing them with tailored Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), Project Management Systems, and more.

Aires Applied Tech Pte Ltd: Pioneering Innovation in Cybersecurity and AI
Aires Applied Tech has become a key player in research & development, focused on exploring cutting-edge technologies. With a strong emphasis on Cybersecurity, Artificial Intelligence (AI), and Data Encryption, Aires Applied Tech enjoys the support of Enterprise Singapore and NUS. As a member of ICE71, the firm is committed to elevating security standards in the digital landscape.

A Collaborative Mission for Enhanced Security and Digital Transformation

The formalization of the MOU heralds the start of a promising partnership between Techzu and Aires Applied Tech. The primary objective of this collaboration is to empower SMEs in Singapore with transformative digital solutions, reinforced by state-of-the-art security technology. By merging Techzu’s expertise in software development with Aires Applied Tech’s cutting-edge research in cybersecurity, this partnership offers a dynamic blend of innovation and security to propel SMEs towards unparalleled digital growth.

Empowering SMEs with Enhanced Investment Opportunities
This collaboration offers Singapore startups a competitive edge in attracting investment opportunities. Through the fusion of Techzu’s bespoke digital solutions and Aires Applied Tech’s advanced cybersecurity measures, startups can confidently attract potential investors. The emphasis on innovation and security not only enhances their market appeal but also instils trust and confidence in the protection of sensitive information, bolstering the overall operations of SMEs.

Empowering SMEs with Robust Digital Solutions
At the heart of this alliance is the shared vision to empower SMEs in Singapore with seamless digital transformation. By harnessing the latest security technology, businesses can confidently navigate the digital landscape while fortifying themselves against potential cybersecurity threats.

Empowering SMEs: Embrace a Secure Digital Future
The strategic collaboration between Techzu and Aires Applied Tech lies a potent solution to mitigate ransomware incidents, especially for visionary SME owners eager to embrace digitalization and future-proof their businesses. Given the resource limitations most SMEs face in countering cyber threats (“Phishing and Ransomware,” 2023), this partnership empowers SMEs to proactively protect against ransomware attacks, effectively reducing the risk of successful breaches. Furthermore, with the availability of possible government grants, SMEs can confidently embark on their digitalization journey, knowing they have the necessary assurance and support.

Take the first step towards securing your business’s future. Explore the transformative solutions offered by Techzu and Aires Applied Tech today. Together, let’s unlock your business’s full potential in the digital era.

For inquiries and more information on available digital solutions and government grants, reach out to us and embark on a secure and prosperous future for your business.

BLOCK71 Global Startup Runway 2023 – ICE71 Start-up Pitches

This is not a Demo Day is a culmination of the intense training received during BLOCK71’s Global Startup Runway programme. As part of the Singapore cohort, five ICE71 start-ups finally presented their cybersecurity solutions and business pitches to investors, corporates, government and institutions to secure funding and support for their exciting journey ahead!

Cohort 5 Startups have been mentored on Unit Economics, Funding, Branding, Impact, Product and Scaling by:

  • VCs from Cocoon Capital, Wavemaker Partners, Touchstone Ventures, AC Ventures, Kejora Ventures, Finch Capital, Farquhar Capital, Do Ventures, Atlas Ventures
  • Technical Experts from B Lab Singapore, Pencil Group, Growth Marketing Studio, Brandspace Advisory
  • Fellow entrepreneurs from Allo Bank, Bobobox, Xurya Daya, Genetica, Eden Farm, nafas, TechinAsia, Pinhome, SYNthesize, SentinalOne, Selly, Republic
  • Tech Corporate division Leads from STRIPE, Alicloud, Byteplus, AW

Are you interested in discussing potential opportunities with these teams? Reach out to enquiries@ice71.sg to get connected!

Missed the event? Access the programme booklet here and watch the pitches below.


Aires Applied Technology
Founders: Lim Meng Liang, Ken Lin

Focus: Quantum-Resistant Encryption

Aires A.T has proprietary tech in Post-Quantum Data Encryption coupled with AI, to replace encryption standards today. Their novel methods of data protection form a robust & efficient security infrastructure for clients of varying needs, both individuals and organizations.

 

Numen Cyber Technology
Founders: Chris Zheng, Nolan Wang, Dr. Simon Xie

Focus: Web3 Threat Detection & Response

Numen Cyber focuses on Web3 project security audit, on-chain threat detection and response, digital currency tracing and Web3 threat intelligence.

 

AxisNow
Founders: Andy Ong

Focus: Cloud SASE Network Security

“Axisnow is the first alternative to Cloudflare. Axisnow uses the SASE and zero-trust network model to provide distributed employees, B2B upstream and downstream partners, and B2C customers with secure access to websites, applications, APIs, and the Internet. They have built a secure access unified cloud which allows companies to build a modern secure access network in minutes from a single panel, securely opening any resource to any user for quick access.”

 

PolyDigi
Founders: Curtis Chan, Johnathan Lee

Focus: Identity Access and Management (IAM) for Digital Transactions

PolyDigi is an Identity Access and Management (IAM) start-up that make digital transactions safer and smoother with its user friendly multi-factor authentication.

 

Reperion
Founders: Andrew W. Sallay, Dr. Dmitry Mikhaylov

Focus: Operational Resilience for Maritime & Drones

Reperion assures operational resilience across sea, land, and air by securing the hardest assets to defend from cyber and drone attacks.

ICE71 Accelerate Cohort 2023


Meet our latest ICE71 Accelerate start-up cohort!

 

Aires Applied Technology
Founders: Lim Meng Liang, Ken Lin

Focus: Quantum-Resistant Encryption

“Aires A.T has proprietary tech in Post-Quantum Data Encryption coupled with AI, to replace encryption standards today. Their novel methods of data protection form a robust & efficient security infrastructure for clients of varying needs, both individuals and organizations.”

Contact Aires A.T →

 

Numen Cyber Technology
Founders: Chris Zheng, Nolan Wang, Dr. Simon Xie

Focus: Web3 Security

“Numen Cyber is developing an On-Chain security platform to help web3 applications to avoid being attacked and causing asset lost with multiple security methodology and security ecosystem.”

Contact Numen Cyber →

 

AxisNow
Founders: Andy Ong

Focus: Cloud SASE Network Security

“Axisnow is the first alternative to Cloudflare. Axisnow uses the SASE and zero-trust network model to provide distributed employees, B2B upstream and downstream partners, and B2C customers with secure access to websites, applications, APIs, and the Internet. They have built a secure access unified cloud which allows companies to build a modern secure access network in minutes from a single panel, securely opening any resource to any user for quick access.”

Contact AxisNow →

 

PolyDigi
Founders: Curtis Chan, Johnathan Lee

Focus: Identity Access and Management (IAM) for Digital Transactions

“PolyDigiTech is an award-winning cybersecurity Identity Access and Management (IAM) start-up that makes digital transactions safer and smoother with its user friendly and comprehensive multi-factor authentication.”

Contact PolyDigi now →

 

Reperion
Founders: Andrew W. Sallay, Dr. Dmitry Mikhaylov

Focus: Operational Resilience for Maritime & Drones

“Reperion assures operational resilience across sea, land, and air by securing the hardest assets to defend from cyber and drone attacks.”

Contact Reperion →

ICE71 Hosts Dan Woods, Global Head of Intelligence of F5

ICE71 had the privilege of hosting Dan Woods, Global Head of Intelligence of F5, for a cybersecurity sharing session.

At this community event, Dan shed light on the latest tools used by cyber attackers, using real-life cases as examples. Along with providing valuable insights, he also shared personal experiences in cyber intelligence. He talked about how he pursued high-value targets at CIA, assisted with investigations on the 2001 anthrax attacks at the FBI, and gave a behind-the-scenes peek into a Russian human click farm.

Taking questions from cybersecurity practitioners during Q&A, Dan shared his thoughts on a range of topics from how he found his passion for cybersecurity to tips for professional development, adding to the richness of knowledge shared at the event.

Overall, the event was a success. ICE71 hopes to bring more cybersecurity sharing sessions in the future to continue fostering collaboration and knowledge sharing within the community.

The event was made possible through the efforts of Division Zero (Div0) and F5, who extended the opportunity to the ICE71 Community.

Fun fact: ICE71 start-up alum Shape Security was acquired by F5 for $1B in 2020, marking the company’s highest acquisition to date!

For event collaborations, please write to us.

Highlights – Govware-ICE71 Startup Pitch Pit 2022

The Govware-ICE71 Pitch Pit our showcase stage for ICE71 Community start-ups at the Govware Conference, where professionals and experts from across the globe convene annually for the Singapore International Cybersecurity Week.

The purpose of the Pitch Pit is for participating companies – Responsible CyberXRATOR and Protos Labs – to receive real-world feedback for further validation of their solutions.

This year, all three pitching companies showcased solutions for Cybersecurity Risk Assessment in a friendly competition before a panel of esteemed judges. The judges were:

– Cheri Lim – CISO, Temasek
– Will Klippgen – Managing Partner, Cocoon Capital
– James Chong – Senior Director, NCS Innovation Hub
– Pang Tzer Yeu – Head of Information Security, Mediacorp

Each start-up had the opportunity to deliver a full pitch + Q&A, followed by a final quick fire question round by the judges.

The winner was announced by Rayson Ng, Programme Manager at ICE71, after careful deliberation and feedback from the judges. Congratulations to Protos Labs on winning the 2022 Govware-ICE71 Start-up Pitch Pit!

Thank you to all pitching companies who had made thorough preparations for this stage, the judging panel for their thoughtful comments and assessment, the Image Engine team who co-organised this event with us, and everyone who supported, cheered and participated in the pitch pit. Until next time!

 

ICE71 Startup Party 2022!

ICE71 Start-up Party! (9 Dec 2022, 5PM)

We couldn’t have asked for a better turn out at the ICE71 Startup Party 2022 – an evening filled with good food, refreshing drinks and even better conversations!

The cybersecurity startup community got to share their exciting achievements on the “bragging stage”, form new connections over pizza, and hear about new plans in 2023. 🍕


Thanks to everyone who came to celebrate another successful year and share their stories with us. Looking forward to seeing everyone again next year!

Launch of Cybersecurity Industry Call for Innovation 2022

Seven new Challenge Statements were announced at CSA’s Cybersecurity Innovation Day, which was attended by a full house.

On 31 Aug 2022, the Cybersecurity Industry Call for Innovation 2022 was launched by the Cyber Security Agency of Singapore (CSA), together with partners NUS Enterprise and TNB Ventures.

The call was launched at Cybersecurity Innovation Day 2022 by Senior Minister of State for Ministry of Communications and Information, Dr. Janil Puthucheary, who delivered the welcome address to a full house at the Raffles City Convention Centre.

→ Read it in The Straits Times here.

The Cybersecurity Industry Call for Innovation invites cybersecurity companies to develop innovative solutions to address specific cybersecurity challenges.

Seven challenge statements supported by six end-users were announced. View the challenge statements here.

11 winning projects of CyberCall 2021 were announced at the event. The awardees were selected from more than 70 local and international companies to develop and trial their proposals with participating organisations.

Technical experts were also recognised for the invaluable support they provided throughout the CyberCall review process.

Thank you to everyone who participated for making this event such an overwhelming success!

→ Learn more about the Challenge Statements, end-users, and funding criteria at www.cybercall.sg

→ Sign up for the upcoming Meet the End User sessions.

Dr Janil Puthucheary, Senior Minister of State for Communications and Information and Health, announced the launch of CyberCall 2022 at the Cybersecurity Innovation Day 2022.
Brian Koh, Director of NUS Enterprise, shared how NUS is uniquely positioned as a global university to support cybersecurity innovation through its multi-disciplinary approach.

L to R: Prof Anupam Chattopadhyay, Mr Michael Lew, SMS Janil Puthucheary, Dr Liu Yang, Chief Executive CSA Mr David Koh, Prof Alex Siow , Dr Vivy Suhendra, Mr Emil Tan, Mr Ashish Thapar.

Notes from InnovFest x Elevating Founders 2022

InnovFest x Elevating Founders was held in Singapore from May 31 to June 3, 2022, as the official start-up event of ATxSG. Over 26,000 attendees participated in NUS Enterprise’s flagship conference, connecting over topics in Web3, Sustainability and Accessing markets in Asia.

The ICE71 Community was privileged to be involved in this exciting event, helping to promote the latest cybersecurity trends and technology to other innovation leaders in the tech ecosystem!

 

1. Panel Discussion: Beyond the Hype – Securing the Metaverse

‘“Securing” the metaverse can be interpreted in two ways—understanding the commercial opportunities for businesses and society, and ensuring people in the metaverse are protected.’

In this panel discussion at InnovFest 2022, ICE71 brought together experts in mixed reality, FinTech, and cybersecurity to share different perspectives on the metaverse. They discussed how the metaverse is building “trillion-dollar opportunity”, it’s impacts on advancing healthcare and education, as well as security risks to look out for.

We are incredibly proud to say that this panel discussion was the most bookmarked across 200 conference sessions at the Asia Tech x Singapore conference! (You can see attendees spilling out into the hall below!)

We thank panelists Dr Gao Yujia, Prof Keith Carter, Mr Pankit Desai, Mr Winston Ng, and moderator Ms Wynthia Goh for their insightful contributions!

→ Read a recap of the discussion by the good folks at KrASIA here.

 

2. Exhibition Floor: ICE71 Start-ups at InnovFest

After two years of virtual events, it was exciting to meet everyone from the start-up ecosystem in-person at the Singapore Expo.

ICE71 start-ups were part of a lively exhibition floor featuring over 100 start-ups from the NUS ecosystem.

Being a part of Singapore’s largest technology event also provided the opportunity to connect with 600 exhibitors showcasing the latest tech products, from Singapore and across the world.

ICE71 Scale alumnus, CYFIRMA, introduced their technology to Ms Rahayu Mahzam, Parliamentary Secretary at the Ministry of Health and Ministry of Communications and Information, and NUS President Professor Tan Eng Chye, alongside other NUS start-ups.

(ICE71) are doing really great in supporting innovations related to cybersecurity in healthcare, education, tech and so on – you can see there are many opportunities there and we are happy to be part of it.

It helps us, especially in markets like Southeast Asia. Now that things have eased up, we attended our first InnovFest x Elevating Founders. While a virtual meeting helps as a presentation, nothing beats seeing people in person and understanding what each of us does.

Strobes Security, an ICE71 Start-up.

→ Check out all the action in this issue of Enterprise Sparks by NUS Enterprise.

ICE71 AI-based Cyber Tools Guide

“Cyber AI can be a force multiplier that enables organizations not only to respond faster than attackers can move, but also to anticipate these moves and react to them in advance,”

– Deloitte Insights, ‘Cyber AI: Real defense’ (Dec 2021)

With growing complexities in cybersecurity, companies are looking to cybersecurity tools powered by Artificial Intelligence (AI) and Machine-Learning (ML) as the future.

Apart from applications in threat detection and user behaviour analytics, AI/ML may be used in other innovative ways to help security teams.

Here are ways that ICE71 start-ups are leveraging AI/ML to make better cybersecurity tools for businesses and organisations:

POLARIS
Web Application & API Protection (WAAP) platform
Polaris WAAP defends websites by using AI and ML to actively detect malicious activities and deter cyber attacks.

*Polaris has recently opened their WAAP to the public for free! Learn more and register here.

Aiculus
API Security
The Aiculus API protector uses ML to detect fraud and misuse in API traffic.
Amaris.AI
AI Cybersecurity/IoT tools
Amaris.AI’s AI Cybersecurity products provide PII anonymization, network segregation, data-at-rest encryption, and AI malware detection.
AmAICrypt – Virtual Disk Encryption Tool
AmAISound – AI Sound Event Recognition System
Amaris Take Action System-Guard (ATAS-Guard) – Surveillance system for monitoring user activities through images/audio
Anonymizer – Automated AI tool to detect, anonymize and redact PII data
Build38
Mobile Application Protection
Build38’s T.A.K solution uses AI in its app shielding technology.
“The App is continuously monitored and the security telemetry is analysed by an advanced AI engine on the cloud. Based on that you get insights, either through a dashboard or integrated in your SIEM, about the current and future threats in your App base.”
Cyble
Threat Intelligence
The AmIBreached tool uses AI and ML to analyze the dark and surface webs in real-time and to identify if an enterprise’s login credentials are exposed online.
CYFIRMA
Threat Landscape Management
DeCYFIR uses AI and ML for real-time insight and threat visibility by aggregating, correlating and analysing information from the open and dark web to identify and process potential threats at the planning stage of a cyberattack.
Cylynx
Fraud Detection
Motif is a graph intelligence software that translates graph data into business insights, speeding up data exploration, analysis and collaboration across teams.

To explore more cybersecurity solutions, check out the ICE71 Solutions Catalogue.

Last update: 2022-05-05

ICE71 Singapore Cybersecurity Start-up Map 2022

Presenting… the 2022 ICE71 Singapore Cybersecurity Startup Map!

Launched at our inaugural CISO-Investor Roundtable event, the map offers the most updated overview of Singapore’s cybersecurity demand. This comprehensive directory also serves as a useful tool for security leaders, investors, start-ups and SMEs looking for opportunities for growth and collaboration.

With this update, there are now 150 unique start-ups active in Singapore’s cybersecurity ecosystem up from 136 in 2020. 2 new categories, ‘OT Security’ and ‘Awareness and Training’, have also been added in this version as cybersecurity companies in Singapore continue diversify and reinvent themselves. You can also find or browse ICE71 start-ups and solutions by focus area using the ICE71’s new Start-up Catalogue and Solutions Catalogue.

Feel free to share this map but please drop us a message, and make sure to link back to this page and attribute ICE71.

ICE71’s Cybersecurity Outlook for 2022

2021 was an eventful year for the cybersecurity world. According to SonicWall, 470 million ransomware attacks in the first three quarters of the year alone constituted a 148% increase from the same period the year before, making 2021 the worst year on record. From double extortion ransomware attacks and Ransomware-as-a-Service (RaaS) to supply chain risks like the Apache Log4j Vulnerability, threat actors have diligently kept businesses on their toes with an ever-evolving medley of novel tactics. In fact, ‘cybersecurity failure’ was ranked a top 10 global risk alongside ‘climate action failure’ and ‘infectious diseases’ among others in the recent World Economic Forum Global Risks Report.

Infographic by Visual Capitalist

Like Greentech and Healthtech, cybersecurity innovation is a never-ending economic opportunity because threats are always evolving. In 2021, an unprecedented $21.8 billion in venture capital was invested into cybersecurity companies – a nine fold increase over the past decade. By mid-2021, cybersecurity funding had already surpassed the total funding of 2020. ICE71 start-ups that have benefitted from the boom include KeylessSecurityAdvisor and Build38.

Singapore’s cybersecurity start-up scene also made considerable progress with 6 cybersecurity deals worth US$408.2 million closed in 2021, 10 times of what was raised the previous year. While funding activity in the region has not quite matched up with the bustle in other cybersecurity hubs of the world, it is likely to intensify as more movers and shakers like Snyk set foot on our shores. (You can hear more about Snyk’s story in this ICE71 webcast on how to raise funding amid the pandemic.)

With increasingly competitive funding rounds, winning pitches will need to show their ability to address biggest threats and challenges looming ahead. We got together ICE71 start-ups to contribute their cybersecurity predictions for 2022.

2022 Cybersecurity Predictions by ICE71

1. Ransomware Causing Life-Threatening Consequences

Put the proliferation of inadequately regulated payment methods and the mounting pressure to pay ransom together and we get the winning formula used by successful threat actors. More actual physical damages (think fires, power shutdowns, human casualties, etc.) should be expected as ransomware targets expand to Internet of Things (IoT) and Industrial Control Systems (ICS). Not only are hackers finding new vectors to hold organizations at ransom, but techniques will also continuously evolve “creatively” to evade detections and decryption. Venkat Ramshet, Founder of FlexibleIR foresees that social engineering attacks will be prominent and adversaries may move from encrypting data to distributed denial-of-service (DDOS) attacks or defacement of websites. Adversarial attacks are unpredictable, and organizations must practice cyber resilience.

2. More Cybersecurity Regulation

Dr Magda Chelly, CEO of Responsible Cyber, believes there will be more regulations in place to tackle the ever-increasing threat of ransomware and payments for ransomware. In fact, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) has declared ransomware payment illegal. 

Beenu Arora, Founder and CEO of Cyble, sees that the staggering record of breaches are getting regulators’ attention to impose penalties on organisations to do their due diligence. He believes that we will continue to see law enforcement in the private and public sectors crackdown on organised cybercrime rings. However, he likened the relationship between law enforcers and bad actors to a “whack-a-mole” game – when one adversary is taken down, others will take its place.

3. More Focus on Cyber Risk Quantification

With more organisations willing to invest in cybersecurity, there will be more focus on measuring the financial risks of cyber threats and solutions. Cyber Risk Quantification helps leaders to demystify cybersecurity and make more informed decisions. 

As the Greek philosopher, Heraclitus once said: “change is the only constant”. The world of cybersecurity is increasingly filled with more uncertainty, and it is expected that the attacks will continue to evolve, with the approaches becoming more sophisticated. Beenu concludes that even with the everchanging landscape, the basics still hold true: Practising cyber hygiene, keeping awareness programs, having strong governance, and treating cybersecurity as a technical problem are the basic attributes to being cyber resilient.

What used to be exclusively left to the organisation’s savviest individuals (aka the IT department) to deal with is now everyone’s collective responsibility as organisations brace themselves for greater threats and disruptions ahead.

Did someone share this with you? Get the latest cybersecurity start-up news and opportunities directly by joining our mailing list.

Notes from ICE71 x SFA Tech Showcase and Panel Discussion – Rethinking Blockchain’s $100B Problem Through Cybersecurity

In the wise words of Solo Kombani, COO of ICE71 start-up Aiculus, “the more powerful a tool is, the more robust our security measures have to be“. While Blockchain has opened up a wealth of opportunities for the FinTech industry, it has also become a high-value target for cyber criminals. Just as DeFi made headlines as the newest $100B sector earlier this year, bigger news was made when the industry saw a slew of high-profile attacks on DeFi platforms such as Cream Finance and Poly Network, highlighting very huge and present security threats.

In this joint Tech Showcase and Panel Discussion with the Singapore Fintech Association, we invited experts to discuss what Blockchain’s biggest cyber threats are and how companies can mediate these challenges with innovative tech offerings.

Key takeaways from the panel discussion:

  • Although smart contract technology has proved to be a revolutionary development with seamless transactions, equally debilitating vulnerabilities remain a top concern. Nevertheless, Veronica Tan, Director for Safer Cyberspace at the Cyber Security Agency of Singapore, believes that there will be more cybersecurity companies innovating to tackle challenges in this area.
  • 4 key areas of smart contract vulnerabilities have been identified by Ant Group – code security, logic vulnerability, business logic vulnerability and cross chain security. To address these, Derrick Loi, General Manager at Ant Group (International Business), shared that a multi-angle contract security analysis may be employed through static scanning, fuzzy test and formal business logic analysis.
  • Cybersecurity risks faced by traditional finance and DeFi are similar. As demonstrated by the recent spate of high profile hacks, Veronica pointed out that blockchain companies are also not spared from hacking incidents, hence traditional cyber hygiene measures must continue to be practiced in all organisations to ensure a safer cyberspace environment.
  • Gene Yu, Co-Founder and CEO, Blackpanda, also added that blockchain and cypto-affiliated companies may actually be considered higher risk than traditional finance as seen from the absence of cyber insurance companies that offer related coverage.
  • The Blockchain industry cannot simply mimic traditional bug bounty practices to raise it cybersecurity protection. Unlike traditional bug bounties, DeFi’s ‘bugs’ are associated with actual monetary value, said Anson Zeall, Chairman of Association of Crypto Currency Enterprises and Start-ups Singapore (ACCESS) and Co-Founder & Chairman of the International Digital Asset Exchange Association (IDAXA). Therefore, hackers have more incentive to who exploit DeFi bug and take off with rewards more handsome than typically offered by traditional bug bounties.

→ Watch the full session on ICE71’s YouTube channel or Facebook page.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

[FINAL REMINDER] Call Closes 31 Oct 2021!

PSA: The Cybersecurity Industry Call For Innovation 2021 closes 31st October 2021, 2359HRS (GMT +8)!

Send in your proposals to https://cybercall.sg/ by 31 October 2021 to stand a chance to

  • Receive up to $1M in funding from CSA
  • Work with key end-users to develop your innovative solutions
  • Address pressing challenges within technology areas including #AI, #IoT, #OT, #Cloud and #Privacy

See the challenges launched this year and highlights from key events below! ??

Don’t miss this opportunity!

Find out how to send in your proposals following the proposal submission template, and remember to complete all required sections before submitting. More instructions are available here.

For more information, visit https://cybercall.sg/. You may also direct submission enquiries to info@cybercall.sg.

ICE71 is a supporting partner for the Cybersecurity Industry Call for Innovation 2021.

GovWare x ICE71 Startup Pitch Pit 2021

The 3rd run of the GovWare x ICE71 Start-up Pitch Pit was held on 7 October, 10AM as part of the GovWare Conference and Singapore International Cybersecurity Week 2021. For this special edition, promising cybersecurity start-ups and SMEs from the ICE71 Community pit against each other as they pitched their solutions to a panel of infosecurity industry veterans, showcasing how AI is the next frontier of cybersecurity.

Missed it? Watch it below and stay tuned to find out who the winner was!

Judges
Benson Lau – Customer Success Director, Zencode (Hong Kong), Commitee Member, Hong Kong Startup Support Group
Claudia Marcusson – Strategy & Innovation Lead at SC Ventures, VC Investment advisor in Europe & SIngapore
Tony Jarvis – Security Principal at Citrix, CISO Advisor, vCISO
Guy Marong – Managing Partner, Cubic Consulting, Cybersecurity Consultancy in Luxembourg, Europe

Participating companies
TAU Express – Incorporated in 2018, TAU Express started as a spin-off from the SPIRIT Smart Nation Research Centre at Nanyang Technological University (NTU). TAU Express helps organisations unlock value and insights from massive amounts of documents using advanced AI techniques. Its document analytics platform is capable of parsing, extracting and categorizing unstructured documents to enable intelligent search and analytics, resolving complex productivity issues and help companies achieve digital transformation.
SecureAge Technology – Headquartered in Singapore, SecureAge Technology’s AIpowered Asset-based Cyber Defence (ABCD) serves as a Endpoint Protection Platform (EPP) solution, bringing together application control, cloud malware scans, vulnerability assessment, and seamless encryption of all files in one enterprise solution.
Flexxon – Founded in 2007, Flexxon Pte Ltd is a leading industrial NAND flash storage solutions provider that delivers a range of versatile advanced memory storage solutions, most notably its X-PHY AI embedded Cyber Secure SSD which leverages on its patented firmware to analyze the data access patterns to detect any anomalous attempts through AI and machine learning. With a key focus to serve Cybersecurity, Industrial, Medical, and Automation (CIMA) applications, Flexxon is dedicated to delivering robust data security solutions.
InsiderSecurity – Established in 2015, InsiderSecurity is an award winning, cybersecurity deeptech company based in Singapore. It develops specialized cybersecurity products that discover the internal cyber threat early, before there is any serious data loss. InsiderSecurity’s technology is especially useful to detect sophisticated threats such as SolarWinds.
Amaris.AI – Amaris.AI strives to advance humanity with trustworthy cutting edge Artificial Intelligence (AI) and Cybersecurity products, which determines AI model robustness against adversarial attacks and explain predictions. Amaris.AI offers a range of intelligent automation, AI cybersecurity and embedded AI hardware products for its clients.

ICE71 x RSAC 365 Innovation Showcase: Frontier Technologies of Adaptive Security

ICE71 x RSAC 365 Innovation Showcase: Frontier Technologies of Adaptive Security

ICE71 is proud to bring our start-ups to the global stage!

On 19 August, ICE71 partnered with RSA to host the August RSAC 365 Innovation Showcase. This session brought together an expert panel to discuss the Frontier Technologies of Adaptive Security, with a focus on API Threat Intel sharing, Graph Neural Networks and methods for securing legacy applications in DevSecOps. This was followed by two pitches by ICE71 start-ups – Aiculus and Scantist – who presented their groundbreaking ideas in the adaptive security space.

The panellists were:

  • (Moderator) Rajiv Menon – Managing Director at Cisco Investments and M&A for Asia Pacific and Japan
  • Dr Ong Chen Hui – Cluster Director for Technology Development, Infocomm and Media Development Authority
  • Mark Kraynak – Founding Partner at Acrew Capital

Breaking through the Complexities of Cybersecurity

As an expert in Graph Neural Networks (GNN), Dr Ong shared that GNNs are a method of machine learning designed to perform inference on data described by graphs. Graph processing has gained popularity and its usage is expected to double every year from 2019 to 2022. GNNs can be used to solve a variety of cybersecurity problems due to its pattern recognition. For instance, automating detection of botnet attacks and cybersecurity vulnerabilities.

Mr Menon also talked about the problem on the lack of application security experts as compared to developers. Mr Kraynak added that , this problem is due to the fundamental disparity between the two roles. Application security experts face a fundamental problem: the sheer number of alerts and connections to deal with are overwhelming. He believes that the best way to tackle the problem is to automate the process of meaningfully integrating threat intelligence into the right parts of vulnerability management – and this is an area where novel solutions and technologies are much needed.

Following this, Dr Omaru Maruatona, founder of Aiculus and Prof Liu Yang, founder of Scantist, took the stage to share how each of their solutions reduce organisations’ reliance on the expertise of security teams through automation and machine learning, thereby bringing much-needed value to the adaptive security space.

Watch their pitches below, or find it on the RSAC Innovation Showcase page!


Aiculus is an ICE71 Scale start-up which leverages artificial intelligence to provide adaptive and intelligent cybersecurity capabilities for businesses that use application program interfaces, or APIs. Their solution defends the organisation’s API stack without having to access users’ data, offering an additional layer of privacy to customers.

Scantist is a member of ICE71 Accelerate’s fourth cohort. The start-up has developed an application security tool that manages open source vulnerabilities and helps enterprise clients improve compliance on the application level.

Notes from InnovFest 2021: How to Keep Cybersecurity out of Jeopardy

On 14-16 July, ICE71 took part in InnovFest x Elevating Founders, the official start-up event of Asia Tech x Singapore (ATxSG). Industry experts were invited to participate in a panel discussion hosted by ICE71 on the rise of cyberattacks making headlines.

Moderated by Linda Nguyen Schindler, ICE71 Programme Head, the panel session provided critical insights into recent incidents that put cybersecurity in jeopardy.

The participating panelists were:

  • Abbas Kudrati – APC Chief Cybersecurity Officer at Microsoft Asia
  • Doug Witschi – Assistant Director, Cyber Crime Treat Response at INTERPOL
  • Magda Chelly – Head of Cyber Advisory at Marsh Asia
  • Selwyn Scharnhorst – Director, Ecosystem Development at Cyber Security Agency (CSA)

To begin the discussion in a fun and interactive manner, the panelists were tested on their knowledge of recent cyberattacks in a refreshing format, inspired by the classic American game show, Jeopardy!. Incidents named included the Colonial Pipeline Ransomware attack, JBS Meat Plant Ransomware attack, SolarWinds breach and a classified malicious attack on a national healthcare system.

ICE71’s first-ever game show. Up for challenge? Give this a try.

Here are some key points made during the panel discussion:

Firms are still lacking the basic hygiene and fundamentals of cybersecurity: Cyberattacks that crippled organisations did not involve sophisticated methods of attack, said Mr Kudrati. It was a laissez-faire attitude to cybersecurity that had left organisations vulnerable to simple and common methods of attacks (such as SQL injections and brute force attacks).

The stark reality is that companies are still putting cybersecurity on the back burner. “History doesn’t exactly repeat itself, but it rhymes a lot,” Mr Scharnhorst said. The main cause of such incidents can often be attributed to the lack of proper cybersecurity hygiene and awareness. Companies with these basics in place would have eliminated their risks at the most fundamental level. On raising awareness, he added that conversations on cybersecurity should not stop at the top, but continue at all levels to empower every employee in the organization.

Dr Chelly further pointed out that the quantifiable impacts of ransomware attacks are not limited to just the ransom amount, but also the damage caused by business downtime (loss of profit, and accumulating operational costs), legal liabilities and more. To put things into perspective, it would be more expensive to remediate losses than to implement cybersecurity protection. Prevention is definitely better than cure.

Common misconceptions about unaffordable cybersecurity costs: Cybersecurity could be expensive – but not always. It was raised in discussion that many economical cybersecurity solutions are readily available on the market. Furthermore, the Singapore government has made it more accessible for SMEs by providing grants for a list of pre-approved solutions. Organisations should look for solutions that fit their cybersecurity budget by weighing their risk appetite and quantifying the potential financial loss of an attack.

To pay or not to pay: This is the conundrum faced by many ransomware victims. There is no silver bullet for reversing a ransomware attack. “Paying a ransom would be equivalent to financing the criminals,” said Mr Kudrati. Ethics aside, paying the ransom would not guarantee hackers to hold up their side of the bargain. In addition, hackers would typically try to maximize profit through a multi-pronged approach. Hackers would first demand ransom from affected organisations. Then, they may seek ransom from individuals involved to exclude their personal data or IP from further exposure. Finally, hackers might even sell the stolen data to the organisation’s competitors!

How should organisations respond to a ransomware attack? Mr Witschi advised organisations to come forward and share the incident with a trusted cybersecurity community, as there could be solutions available to remediate the attack. Threat intelligence sharing would also help experts identify how the organisation has been impacted and take aggressive steps to contain the attack.

ICE71 is proud to be a part of InnovFest 2021. Miss the panel discussion? Watch the recording below ??

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 start-ups:

More news on ICE71 and our start-ups here.

Interview with Pankit Desai, co-founder and CEO of Sequretek

We speak to Pankit Desai, co-founder and CEO of ICE71 Scale start-up Sequretek, one of the Financial Times’ most promising APAC companiesand more recently a RAISE2020 awardeeabout what it takes to get to such business apexes.


Q: What do you do at Sequretek?

I am co-founder and CEO at Sequretek, with primary responsibilities around business development, operations and fundraising. Prior to Sequretek, I have had leadership stints with IBM, Intelligroup, NTT Data for over two decades.

Sequretek offers solutions in Endpoint Detection Protection and Response (EDPR), Identity Governance and Administration (IGA), and Managed Detection and Response (MDR). A combination of our products and a 24×7 managed security services, covers majority of the problems that an enterprise might encounter.

Q: Can you share an example or two where Sequretek has helped your client to achieve simplicity in terms of security? 

Let me take two examples on opposing ends of a size spectrum.

One of the largest private sector bank (5,000+ branches) with over 125,000 employees and 700+ applications/services was struggling to get an answer to this question of “who has access to what”? They tried implementing traditional identity management solutions, but after spending a few million dollars and over two years, their coverage was barely 5% of the technology landscape. They evaluated Sequretek’s IGA and they were able to implement the product in six months and have covered more than 50% of the technology landscape, with balance being targeted for completion within the year. Their compliance organization which used to scramble resources every year before the regulatory audit or User Access Review requirements, now is able to get all of it done through a simple dashboard report.

India is home to over 1,500 co-operative banks. Most of these banks are in the rural areas and serve the farmers and poor people. These banks have been the backbone through which most of the government schemes for underprivileged get distributed. Over the past few years, these banks have invested in technologies to stay abreast of the transformation that is impacting the sector, and with it there have been several high profile cyber breaches. There is now significant pressure from the local regulator to invest in security to mitigate the risks. Most of these banks, lack skillset to understand what security measures they need to undertake to improve their security. We worked with their industry body to create a program that build a security framework around offerings that allowed these banks to improve their compliance and security posture without burning a hole in their pocket. The program had several technology awareness sessions, across the hierarchy, that were baked in to improve their appreciation of technology, till date over 1,000 people have undergone this training.

Q. Sequretek was rated as one of APAC’s fastest growing companies by the Financial Times for 2020. Congratulations! Can you share with us what got you here today, perhaps your business mantra for aspiring cybersecurity entrepreneurs?

Early this year Financial Times picked us as one of the fastest growing companies (#206/500) in APAC and just very recently, we were recognized as a winner in the category of tech centric companies sector agnostic applicability, at RAISE2020 a global AI event hosted by the government of India. While the first one was all about the financial success of the company, the second is a vote of confidence on our technology and ability to execute in the marketplace.

As an entrepreneur, it is indeed quite redeeming to see the company get to where it is today. While it may sound cliched, our mantra has always been “do right by your customer” and the rest will follow. We have put that thought process into practice and I am proud to see our customers’ stand by us through thick or thin. It doesn’t matter how good your product is, or how good of a team you have built for yourself, if you are not in a position to get a happy customer, it will not get you anywhere. As a company, we have barely spend any money in marketing, it is customer referrals that have allowed us to scale year on year.

Q: How is the cybersecurity sector like in India and Singapore, are opportunities and challenges the same? What are prospects you see in Singapore and the greater APAC region?

For most part cybersecurity in industry and geography agnostic, this has allowed most companies in this space therefore to scale without much requirements for localization as compared to some of the other technology areas. Having said that, there are nuances from a tech maturity levels perspective and local regulatory norms, that may change how customers in different parts of the world perceive the need for security. In India, you will find companies at the top end of the spectrum who have used technology to differentiate themselves at global scale and are understandably quite ahead in their security journey. On the other hand there are millions of small and medium enterprises for whom security is almost an alien concept, which is where most of the recent attacks are concentrated.

If I was to look at APAC region, one will find companies in Singapore for most part will be well versed in technology usage and a much better appreciation for the need in investing in cybersecurity. However, there are countries in south east Asia that are not at the same level, and the challenges that I mentioned earlier will definitely be present. I see our message of “Simplify Security” resonate across the region, for this very reason.

Q: Describe cybersecurity in less than 30 words.

Cybersecurity is an enabler to your transformation and not an inhibitor.

ICE71 x GovWare Focus 2020

GovWare Focus 2020 Virtual Conference and Exhibition, themed “Partnerships in Resilience and Advancement”, took place on 7-8 Oct. ICE71 was proud to be a Supporting Association for this major cybersecurity event and be a part of the first virtual GovWare-ICE71 Startup Pitch Pit.


Of all the virtual platforms we have been on so far, we must say that this conference had the best aesthetics, and we could sense the organisers putting a lot of effort in providing a unique experience. Moreover, we had many exciting things going on for us across the two-day conference!

First, there were the virtual booths at exhibition halls. ICE71 had our booth in Hall 3, and our start-ups 689Cloud, Cylynx, Digify, Red Piranha, Uniken, and WeSecureApp had their booths in Hall 4. It was a one-of-a-kind experience staying behind the screens while manning booths with avatar-like “representatives”. Through the booth chat function, we had fun interacting with visitors.

The ICE71 team caught up with our start-ups who had booth presence at GovWare Focus 2020

And on 1st Oct, at the Auditorium, we had the first virtual—albeit second—GovWare-ICE71 Startup Pitch Pit. Its first run was at SICW last year and the winner was Cyble.

Hosted by Linda Nguyen Schindler, ICE71 Programme Head, the 2020 Startup Pitch Pit featured four up-coming start-ups from the ICE71 community – each of the founders got onto the virtual stage to pitch their solutions:

  1. Val Bercovici of Chainkit, a cybersecurity start-up pioneering extended integrity monitoring for security, forensics and compliance. Customers report 39% of cyber attacks are undetected. Stealth technology heavily used by professional attackers, uses techniques invisible to leading cyber security tools today. Chainkit’s first to market SaaS solution lets customers wrap unbreakable digital Chains-of-Custody around all key systems and data, on premises and in the Cloud.
  2. Mitali Rakhit of Guardara, a technology company focused on building scalable, automated, smart software testing solutions to improve quality and security. Our first product, FuzzLabs, is a modern, powerful, and flexible smart fuzzer that utilizes “black-box,” dynamic testing to identify code defects, including vulnerabilities. We are a seasoned team with over 15 years of experience working for Fortune 500 companies and government organisations.
  3. Fabian Eberle of Keyless, a deeptech cybersecurity company founded by renowned security experts, experienced technologists and business leaders, bringing more than 10 years of research to life. Keyless is pioneering the world’s first privacy-preserving biometric authentication and personal identity management platform, combining multi-modal biometrics with advanced cryptography in a distributed cloud architecture.
  4. Sujeesh Krishnan of Kinnami, a cybersecurity start-up that provides a hyper-resilient data platform, AmiShare, that integrates data security, data protection, and data availability to help organizations combat growing cyberattacks and other disruptions. AmiShare secures data so that they can be accessed securely, efficiently, and with confidence about their integrity, on any storage device or platform. AmiShare also provides audits and alerts that enable proactive threat management.


The goal of the Pitch Pit is for start-ups to get real-world feedback and gauge potential interest in their cybersecurity solutions, from its distinguished panel of judges including:

  • Huang Shaofei, CISO at Land Tansport Authority of Singapore (LTA)
  • Tan Wee Yeh, Manager, Security Architecture – Customer Success at Microsoft
  • Steve Ng, Vice president, Digital Platform Operations at Mediacorp

After the start-ups went through 5-minute pitches and gruelling Q&A from judges (and the audience!), it was time to decide the winner. While the judges deliberated, pitch pit host Linda engaged the audience with an interactive cybersecurity trivia.

Judges had a challenging time deciding the winning start-up, as all of the pitches were good. But after considering various factors, including how innovative the start-up solution was and performance at Q&A, they decided that the winner of this year’s GovWare-ICE71 Startup Pitch Pit (drumrolls): Keyless! Congratulations to Fabian and the Keyless team!

First row from left: Pitch pit judges Huang Shaofei, Steve Ng, and Tan Wee Yeh. Second row from left: Start-up founders Val Bercovici (Chainkit), Mitali Rakhit (Guardara), Sujeesh Krishnan (Kinnami) and Fabian Eberle (Keyless, pitch pit winner)

If you are an organisation looking for innovative cybersecurity solutions or an aspiring cybersecurity start-up searching for insights on how your product will fit the market, please reach out to ICE71 and don’t miss catching the next pitch pit.

“In these dynamic times, it is becoming increasingly important for our cybersecurity community to come together in collaborative endeavours. We need to mobilise our strengths to propel cybersecurity resilience forward, especially in a COVID-19 world. Being the region’s first cybersecurity entrepreneur hub, at ICE71 we continue to carry the torch for cybersecurity entrepreneurship, seeking out great partnerships that can create impactful platforms for our start-ups to succeed and thrive.”

Through GovWare Focus 2020, our goal is to generate more awareness on cybersecurity entrepreneurship and on how start-ups are uniquely positioned to meet the rapidly changing demands of cybersecurity.  From ICE71 and our start-ups having an online presence at this premier event, to the first-ever virtual GovWare-ICE71 Start-up Pitch Pit, we are proud to be a Supporting Association of GovWare Focus 2020, and look forward to future partnerships together.” – Linda Nguyen Schindler, ICE71 Programme Head

See you next year!

ICE71 x Black Hat Asia: Hunting Cheese in Pandemic Pandemonium

ICE71 was a proud Association Partner of Black Hat Asia 2020, a signature technical cybersecurity conference that had happened in virtual format for the very first time.


On 1st Oct, founders and leaders across four ICE71 Scale start-ups were featured in the exclusive ICE71 x Black Hat Asia panel, “Hunting Cheese in Pandemic Pandemonium”. Joseph Gan, successful entrepreneur of homegrown cybersecurity start-up V-Key, moderated the panel. It discussed how agile cybersecurity start-ups can add value and reposition themselves during these dynamic times. The expert panel comprised:

  • Hrishikesh Dewan, CEO and co-founder of Ziroh Labs, a start-up providing advanced privacy preserving technologies without requiring data decryption,
  • Prof Yu Chien Siang, a veteran in the Singapore cybersecurity space and Chief Innovation and Trust Officer of Amaris.AI, a start-up that deals with the latest AI tech including adversarial AI, 
  • Kumar Ritesh, CEO and Founder of Cyfirma, a threat discovery and intelligence start-up funded by Goldman Sachs, and
  • Pedro Hernandez, Managing Director and Co-founder of Build38, a start-up that protects the mobile channel for their customers—mainly banks and service providers who use mobile applications.

Key panel takeaways include:

Accelerated business transformation encourages cybersecurity uptake. Start-ups like Ziroh Labs and Cyfirma, which have solutions catered to or can be adapted for cloud security, have experienced customer interest. Ritesh from Cyfirma quipped, “Cybersecurity all of a sudden became an urgency,” and later adds, “As soon as the lockdown has started to happen, they (clients and prospects) started to come back to us asking and worried about their data.”

Changes to business approach. Build38, for example, is taking a more tactical approach to their business messaging when it comes to helping their clients continue to thrive. Co-founder Pedro said they have shifted the client communication from achieving strategic goals (like preserving brand reputation and avoiding long term risks), to more tactical and short-term goals (like quicker time to market, reduced investment, and optimised resources).

Start-ups have also seen a shift in their target customer segments during COVID-19, as smaller businesses and end user demand for cybersecurity increase with the shift to remote working. According to Hrishikesh, co-founder of Ziroh Labs, “In most of the earlier part of 2019, we were mainly concentrating on the Fortune 100 to Fortune 1000 companies. But now we have pivoted a little towards SMEs as well. So that we can cater to all the different markets, and at a more faster pace.”

Educate, not sell your customers. Traditional methods like trade shows and meeting for a cuppa to grow business no longer apply—something the panelists agreed across the board. Digital marketing and content building is becoming prevalent when it comes to the need to engage customers during this time. “From Cyfirma’s perspective, at least, we have started to push a lot of educational, I would say, awareness programs to our potential clients and customers, as well as to the wider cybersecurity community,” Ritesh said.

“Hunt in the pack”. The panelists also agreed with the notion that cybersecurity businesses should work hand in hand together towards cyber resilience. Prof Yu of Amaris.AI urged local cybersecurity companies to join forces and leverage on their respective strengths: “We don’t have to just win as a party, we should win together. We have to be (hunting) in the pack. I took this story from Mr. David Koh who’s leading CSA—he said that we have many small companies, and unlike other companies like those in Taiwan and (elsewhere), where they all work together, Singaporean companies are fiercely competitive. They don’t have this idea that we will work with each other. We must change that.”

ICE71 Scale start-up leaders with moderator Joseph Gan of V-Key, at the ICE71 x Black Hat Asia 2020 live panel. Panelists discussed and gave their perspectives about how their cybersecurity start-ups are pivoting and adding value during these times.

In addition to the live panel, ICE71’s half-day digital conference, “Cybersecurity in the light of COVID-19” which comprised three back-to-back webcasts, was open for on demand viewing by the Black Hat community. The webcasts touched across different cybersecurity topics such as 5G / IoT security, Cloud Security as well as the human factor of cybersecurity.

ICE71 had a virtual booth over the four-day Black Hat Asia conference, where attendees could drop by, chat and interact with the ICE71 team to learn more about the region’s first cybersecurity entrepreneur hub (interestingly, Cyber N’US was on 2 Oct, which coincided with the last day of Black Hat Asia—ICE71 also had a virtual booth there). Having a virtual conference presence was overall an interesting, albeit new experience for most of us—definitely different from a physical conference experience, but with possibilities to know who’s who at the event, and connect with people whom we may never have brushed shoulders against otherwise. We could spark off meaningful “chats” and set up virtual meetings on the digital platform itself.

Looking forward to the next event!

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

ICE71 celebrates Women in Cybersecurity

This month, ICE71 celebrates amazing women in cybersecurity across the world and in our community!

In support of International Women in Cyber Day on September 1st, ICE71 was proud to have collaborated with Cyber Security Agency of Singapore’s “SG Cyber Women X Series”. We had a live panel session on 17th September featuring 4 very inspiring women who have taken the leap of faith into the cybersecurity start-up world:

    • Magda Chelly, Founder of Responsible Cyber;
    • Kopal Agarwal, VP Business Development at Uniken;
    • Andrea Thniah, a recent Responsible Cyber intern;
    • and Mitali Rakhit, CEO and co-founder of Guardara,

together with moderator Sharon Ko, security expert from Microsoft.

Each panelist shared what it takes to thrive in the cybersecurity start-up world and valuable lessons learnt along way.

Only about 25% of the world’s cybersecurity workforce are women, according to a recent ISC survey. More can be done to tip the scale of diversity, and ICE71 will continue to support a diverse cybersecurity workforce.

Interview with Angie Huang, VP Global Business at ArcRan

Angie presenting about ArcRan’s iSecV Detector: an isolated add-on box, used to detect DSRC / C-V2X signals, and to analyze un-approved signal sources using the whitelisting mechanism

Angie Huang, VP Global Business at ICE71 Scale start-up ArcRan, shares her thoughts on winning First Place in “Young Award” for the Smart Application category, IoT and 5G security, why cybersecurity is like water, and more.

Q: Tell us about yourself and what you do at ArcRan.

I am the VP of Global Business at ArcRan. ArcRan is a company focusing on cybersecurity operation automation, IoT cybersecurity, and 5G cybersecurity products. We concentrate on constructing comprehensive and next generation cybersecurity solutions based on unique machine learning algorithms to help governments and enterprises conduct quick response to a variety of advanced cybersecurity threats and attacks.

Q: Can you share some examples of customer use cases?

The embracing of IoT by businesses has opened up enormous opportunities, but at the same time created new significant security risks as more devices get connected.

A smart manufacturing customer adopted our iSecMaster IoT Threat Detection solution to detect suspicious behavior and cyberattacks within their factory premises. The solution leverages and monitors wireless signals transmitted between devices and utilizes signal detection, machine learning and network behavior analysis methods to determine anomalies.

The growth of autonomous vehicles and Vehicle-to-Everything (V2X) applications also means more attack vectors and possibilities for hackers. With everything being connected, an attacker could tamper with the signal regarding traffic conditions, or fake messages being transmitted between vehicles. Autonomous vehicles makers have applied our V2X Threat Detection solution to detect security threats and protect their systems.

Q: Congrats on your recent win of “First Place in Young Award (Smart Application Category)”! Can you share more about this achievement?

Thank you. The “Young Award” is an annual award presented by the National Development Council and the Industry Development Bureau (Ministry of Economic Affairs) in Taiwan to recognize achievements in the digital industry, based on creativity, market strategy, functionality, market demand, and future development and growth. The award is divided into four categories: Smart Applications, Smart Health, FinTech, and Innovative Business Models. 

Our company has rolled out a complete portfolio of products to meet the growing demand of cybersecurity in the Smart Manufacturing industry, and we are honored and grateful that the judges could recognize the importance of the role our company is playing.

Q: What are emerging cybersecurity trends and opportunities?

New opportunities will begin to accelerate this year as 5G mobile networks start to roll out. We are noticing an emerging trend in IoT devices connected to 5G network, private 5G networks and Edge Computing.

Q: What are your thoughts around the impact of COVID-19 for organisations?

COVID-19 has drastically changed the business world and accelerated digitalization of business processes and the expansion of cloud computing. It has also refocused cyber security teams on Cloud Platform security, Data Privacy, Connection and Remote access, Security operational tools, and Policies. 

I believe this is a common challenge for organisations across the globe.

In Taiwan, we are also continuing to adapt cybersecurity strategies to account for increased threats to the new normal. Since Taiwan’s economy is driven by technology and manufacturing hubs, cyber security in hardware devices, IoT, supply chain and smart manufacturing will still be one the key areas of focus.

Q: Describe cybersecurity in 30 words.

Cybersecurity is one of the essential factors that determines whether an enterprise will be able to survive. However, cybersecurity is like water. Everyone ignores it until they actually need it.

Cybersecurity, as you know it, is about to change

By: Kumar Ritesh, Chairman and CEO of CYFIRMA

Pundits across the world have set their sights on a post-pandemic future, arguing that a new normal is about to descend upon us. While I recognise much of what the future holds is ambiguous, there is an area which will become our inevitable reality – cyberthreats that come with rapid digitisation.

According to a report by the Australian Cybersecurity Growth Network, global cybersecurity spending is set to increase by 86 per cent to US$270 billion by 2026. This signals the priority boardrooms have placed on cyber risk management even as digital transformation takes place en masse.

To wrap their minds around post-pandemic realities, business leaders and CISOs would need to understand the cybersecurity impact of these strategic digital shifts. COVID-19 has become the catalyst to trigger change in the ways of managing and operating technology. Let me outline a few here.

 

Telecommuting is the only way of working for many

1. Adoption of virtual desktop will finally see an upswing:

With tele-working likely to become the norm, virtual desktops could become the security baseline for IT teams to enforce data management standards. Virtual desktops emulate a computer system so that IT can control access such as adding input/output devices as well as software and applications. This could become an important control point when remote workers are operating outside the safety of a corporate network.

To meet the stringent criteria of regulatory and corporate compliance regarding data security, many companies will see the adoption of virtual desktops as the go-to solution.

2. We will notice surge in adoption of decentralised cybersecurity:

Traditional cybersecurity controls dictate a centralised approach where data is consolidated from different sources to perform analysis and investigation. With swift digitisation, security controls will shift to data sources, similar to the trend witnessed in IoT. We could start seeing a new wave of anti-virus, data loss protection, digital rights management and endpoint-based firewalls and other security controls gaining traction.

With millions of employees working from home, hackers’ focus has shifted from enterprise to remote working individuals. To handle the menace that exists in cyberspace, decentralised cybersecurity will rise where greater emphasis will be placed on data sources such as actual remote employees themselves.

3. Rise in biometric way of authentication:

User access controls have largely revolved around one or two-factor authentication. These methods rely on ‘something you know (username)’ and ‘something you have (password)’ and given hackers’ interest in employees as the weak link to start a technical exploit, we will see cyberattacks directed towards individuals.

This means identity protection will be of priority and the best defence should focus on building authentication systems which focus on ‘who you are.’ This would require advanced biometric solutions such as fingerprint/thumbprint/handprint, retina, iris, voice, and facial recognition technologies.

With biometrics, hackers’ attempt at impersonating you just got a lot harder than trying to break into passwords.

 

New processes will govern our way of work

1. Global privacy regulation and policies will require a re-look:

The current state of privacy regulations is designed around the enterprise network and building the proverbial wall to keep sensitive data out of prying eyes. With remote working taking centre stage, re-evaluation of these policies is needed to address the new cyberthreats.

From a risk management perspective, global privacy policies will need to encapsulate standard operating procedures regarding BYOD, GDPR compliance and state privacy laws.

Governance around companies and employees’ social media profiles would also have to be included as these platforms are frequently trolled by hackers as they carry out reconnaissance before launching a cyberattack.

2. Cloud will become more important than ever before:

The shift to cloud services offers employees, customers, suppliers, and everyone else across the ecosystem a seamless and friction-less access to data and applications. Remote access by various users would compound security challenges and presents many new potential attack vectors.

In the post-pandemic world, IT resources would shift towards data, particularly keeping data secure across cloud platforms.

3. Containerisation technology will be extended beyond enterprise network to include endpoints:

IT architectures will extend containerisation and zoning concepts to include not just systems, but also people, roles, and the level of sensitive data they possess. Containerisation, thus, will be extended beyond enterprise networks to include endpoints such as remote worker machines and mobile devices.

This will facilitate cybersecurity teams to apply varied access controls and demarcate data storage to minimise risk of cyber intrusion and data breach.

 

Technology and tools are taking over

Innovative technologies such as ML/AI, AR/VR will see greater adoption. As we have already witnessed, video conferencing applications will continue to rise as non-contact interactions surge.

Sectors such as retail, hospitality and manufacturing will layer their adoption of robotics with added AR/VR capabilities. By digitising the previously labour-intensive processes, factory operators will enjoy improved efficiencies, but at stake will be cybersecurity, if it was not integrated during the early stage of transformation.

Cybersecurity teams who are saddled with events-based approach will be overly burdened with triages when a cyber breach occurs. By embracing an intelligence-driven approach, business can digitise confidently with external threat intelligence as the guiding beacon.

 

And let’s not forget people as critical cyber defenders.

Hackers’ technical exploits will flourish in level of creativity and ingenuity, and a digital ecosystem is the perfect playground for malevolent agendas. Social engineering techniques to trick untrained and unsuspecting employees, third parties and contractors into releasing confidential information or letting an intruder into the corporate network will also intensify accordingly.

Instead of seeing people as the weakest link, view them as your frontline defenders. Cybersecurity awareness training for people across the entire supply chain and ecosystem will prevail.

Hacker groups will rattle the cages of government and businesses as digitisation efforts escalate. Cybersecurity strategies would have to shift downline towards the remote worker, decentralised controls, and enhanced policy measures. Digital transformation and cybersecurity are twin engines for sustained success, and this has just risen to the top of the boardroom agenda as economies awaken to the new realities of a post-pandemic world.

 

About the author

Kumar Ritesh

CYFIRMA Chairman and CEO, Kumar Ritesh, has 2+ decades of global cybersecurity
leadership experience across all facets of the cybersecurity industry. He spent the first half of his career as the head of cyber of a national secret intelligence service agency, gaining first-hand cyber threats and risks insights on a global scale before transiting into the commercial arena as a senior executive for multi-national corporations IBM and PwC. Ritesh was also the global cybersecurity leader for one of the world’s largest mining companies, BHP Billiton. Through his blogs and public speaking engagements, Kumar educates companies on cybersecurity risks, solutions and trends.

Headquartered in Singapore and Tokyo, CYFIRMA is a leading threat discovery and cybersecurity platform company.

CYFIRMA is also an ICE71 Scale company. 

 

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

Nominations for the ‘Top 20 Women in Cyber Security in Singapore’ to be announced on Thursday, 13 August 2020

The ‘Top 20 Women in Cyber Security in Singapore is to be announced this Thursday as part of the global ‘Top Women in Cyber Security’ initiative established to recognize women who have advanced the security technology industry.

The winners represent women in cybersecurity in Singapore for 2020 who have made significant contributions, advanced the industry and shaped the path for future generations of professionals among other vital contributions.

Amongst the winners are representatives of leading government and industry firms, from banking, finance, automotive, consulting and includes the Cyber Security Agency of Singapore, with judges also representative of leading cybersecurity identities in Singapore, Malaysia and Australia.

CSA Cybersecurity Innovation Day 2020

Group photo with guest speakers and 9 awardees of the 2019 Cybersecurity Call for Innovation

ICE71 is proud to be a supporting partner of the second and virtual edition of CSA Cybersecurity Innovation Day on 30th July. The event saw highlights including exciting pitches by 2019 Cybersecurity Call for Innovation Awardees, with two ICE71-affiliated start-ups Scantist and Amaris.AI participating. It also provided opportunities for real-time, 1-1 business meetings with awardees, on top of enriching sessions featuring a keynote by security and AI expert Prof Dawn Song.

An initiative by the Cyber Security Agency of Singapore (CSA), powered by TNB Ventures, the online half-day event started off with a warm welcome by Guest-of-Honour Mr David Koh, CSA Chief Executive. Mr Michael Yap, Managing Partner, TNB Ventures then shared the journey and insights from the 2019 Cybersecurity Call for Innovation.

The main highlight of the day was the pitching session by 9 innovative cybersecurity companies who won the Call for Innovation award. Scantist, an ICE71 Accelerate alum, and Amaris.AI, an ICE71 Scale start-up, pitched their solutions together with other awardees. The innovations pitched were diverse, covering advanced malware forensics, adversarial attack on AI, OT protection, threat intelligence, data access security, application security, endpoint protection, and autonomous vehicle security.

Prof Liu Yang of Scantist pitching about the start-up’s software application security solution

Scantist is a local start-up spun off from years of R&D, with a focus on application security. In the presentation about their awarded project on AI enabled application security testing framework, Prof Liu Yang, CEO and co-founder of Scantist, spoke about the significance of application security: ”With the trend of digitisation, software is everywhere from websites, mobile apps to IoT applications. Software applications are critical means for delivering value of products and services. But the reliance on applications also means that they need to be secure.” Prof Liu shared that application security remains to be challenging amid a fast-paced, ever-evolving attack landscape, coupled with the lack of deep security expertise. “Infamous incidences around Panama Papers, Equifax, and Heartbleed arising from application-level breaches have led to substantial financial and reputational loss,” he said.

Amaris.AI’s Prof Yu Chien Siang giving an introduction on known adversarial attacks against AI

Amaris.AI, a full-stack AI start-up, provides a solution for adversarial attack on artificial intelligence. Prof Yu Chien Siang, Chief Innovation Officer of Amaris.AI, gave interesting examples on how AI can be fooled, including one that talks pandas and gibbons: “See the panda. You will see that if we add a little bit of unperceivable perturbation, the AI will be fooled and upended, and the panda ‘becomes’ a gibbon.” He cautioned on the security risks of current AI systems: “Almost all AI systems deployed now are without defences, if aggressively targeted, they will all be badly subverted, and these AI will also be automating such attacks.” Prof Yu urged the audience to think about potential impact in areas using AI, like autonomous cars and immigration biometrics.

Prof Dawn Song of Oasis Labs speaking about responsible data economy in the age of AI

It was great to see homegrown cybersecurity start-ups in the line-up of awardees, such as Amaris.AI and Scantist which are in the ICE71 inner circle, as well as Insider Security, a start-up that provides detection of unauthorised access to patient data – a relevant cybersecurity solution for healthcare IT systems.

Keynote speaker Prof Dawn Song, who also has her own start-up Oasis Labs, spoke passionately about the importance of privacy preserving data access in the age of machine learning, in her session on challenges and future direction for AI. She said, “Data needs to be protected not only at rest and in transit, but also when in use and in compute.”

There was also a fireside chat with students featuring Prof Song, a presentation by AiSP on security by design, and an IMDA sharing on opportunities for cybersecurity start-ups in the SME market.

The virtual event was a truly insightful experience. We look forward to more of such cybersecurity entrepreneurship initiatives in the future!

Watch highlights:

Catch up on the full event programme content here.

Interview with Omaru Maruatona, CEO and Founder of Aiculus

Omaru Maruatona, founder and CEO of ICE71 Scale start-up Aiculus shares about the increasing need for API security post COVID-19, the start-up’s recent fund raise circa SGD1 million, and more.


Q: Tell us more about yourself.
I was born in Botswana Africa and moved to Australia in 2015 on a scholarship to study Software Engineering. Since then I’ve worked in Botswana in a diamond mine, then moved back to Australia where I completed an industry PhD in applied Artificial Intelligence. I’ve also worked for a global financial services company and a big four consultancy firm before I founded Aiculus in 2017. I am currently CEO of Aiculus and am responsible for the overall strategy of the company.   

Q: What inspired you to start Aiculus?
I started Aiculus mainly because I saw a growing trend in the wide application and adoption of APIs and a gap in the way they were being secured. Globally, there’s been a massive uptake in connecting different systems and enabling digital service provision using APIs. Most countries have also moved to legislate the sharing of consumer data through open platforms such as Open Banking. Consequently, organisations have set up digital platforms to comply with these regulations and also to enhance customer experience. Given my background in software development, AI and Cybersecurity, I had a good idea of what it would take to develop a prototype to test the market so I took the leap of faith and went for it.  

Q: Could you share with us some real-world client use cases of your technology?
Most organisations with APIs have one or two layers of defence or security. These security controls are mostly at the perimeter and typically check for authentication and authorisation in incoming API traffic. We are currently working with a large corporate organisation to provide a behaviour-based API screening capability to detect the use of stolen credentials and account takeover attempts. With the increasing number of successful authentication bypass attacks and attacks using stolen credentials, a proven way to stop these is to inspect authenticated API requests using some form of Behavioural Analysis. This is the value proposition of Aiculus.

Q: Congrats on your recent milestone securing close to SGD1mil in seed funding round led by Cocoon Capital! What were learnings from the fundraising? What did it take to get there?
I think every start-up has its own context and therefore things that apply to them may be different. For us, what really took us over the line in terms of securing the investment was that we had a host of people who could speak on our credibility. In addition, we did our research and made sure we had defendable facts on market size, competition, growth drivers and product differentiation, to mention a few. 

Q: What are your thoughts about API security in the light of COVID-19? How relevant is this now – has the need increased or remains as important as ever, and why?
COVID-19 has compelled many companies to roll out massive work from home arrangements for employees. In addition, physical distancing measures have resulted in many people using digital services rather than the traditional in-person purchases for services. Because of this, the digital channel widened significantly and may never go back to pre-COVID-19 volume again. All this means that APIs, which power the communication between systems, are busier than ever and must be appropriately secured to sustain this new normal.    

Q: You recently set up a Singapore office. It’s a progression that we see since your days in ICE71 Accelerate to being a member with ICE71 Scale at present, and we are proud to have been part of your journey. What are your thoughts about business prospects in Singapore?
Thanks, ICE71 has been pivotal in Aiculus establishing in Singapore. From the beginning, Aiculus was founded as a global company because the problem we are solving is global. Although we can technically serve any customer wherever they are in the world, our expansion has to be incremental in order to be sustainable. SEA is a fast-growing region in the world, so it made a lot of sense to be in Singapore since this is the financial hub of SEA. In Singapore, Aiculus wants to be a critical part of the cybersecurity ecosystem, offering a product that provides great value to organisations who are using APIs.

Cybersecurity is a set of attitudes, technical and administrative controls methodically deployed to help ensure a digital service is resilient from deliberate or accidental disruption.

– Omaru Maruatona

Omaru is a valuable member of the ICE71 community. His start-up Aiculus was in cohort 3 of ICE71 Accelerate and is currently an ICE71 Scale company.

 

COVID-19: Productivity at the cost of security


In the RSA Conference APJ 2020 session “Getting the security and flexibility balance right in a COVID-19 world”, Magda Chelly, co-founder of Responsible Cyber shared her insights around digital transformation and security risk considerations in current times.

It’s ultimately about productivity
Improved and continuous productivity is a key driver of digital transformation for companies. It is less about regulatory or cybersecurity reasons. “In terms of APAC, I noticed that digital transformation adopted by companies are very much related to a sense of speed, to allow productivity to continue for employees.”

Amid COVID-19, health measures around the world have made remote work a necessity rather than an option. This need in turn pushes for digital transformation for many companies.

The perimeter is dead: Security without boundaries
With COVID-19 accelerating digital transformation, enabling employees to work from anywhere, cybersecurity risks are emerging with increasing prevalence of cyber attacks due to this flexibility of working.

There are COVID-19-themed attacks (link) in the form of phishing, malware and others, all of which exploit what makes us human, and contribute to an increased number of enterprise attack vectors. “As usual, the weakest link is the human factor,” Magda shared. Human fallibility remains to be the enemy of control, especially with phishing attacks.

On endpoint management, she cautions that companies might still be exposed to different risk scenarios. She cited an example on passwords. “We have seen new policies that passwords should not rotate, for example, but if your employees are working from home, and eventually working from their own devices, they are using those devices to perform business activities. They might be using
the same password for their social media and corporate accounts.”

And there are other unpredictable risk scenarios. Besides their own home WiFi, employees could be on insecure and uncontrolled networks in quarantining hotels, and VPNs may not work here. They might also have technical difficulties with work email and end up using their personal email, another bane of security.

New approaches to security
Magda urges cybersecurity professionals and leaders to go out of their comfort zone and adopt a data-driven mindset when it comes to assessing emerging cyber risks. “Have your 3, 5, 10 new emerging cyber risk scenarios, and then quantify them.” She recommends cross-collaboration with other business teams like IT and compliance to uncover factors for quantifying data, particularly those that make sense and matter to stakeholders.

When it comes to cyber resilience and awareness building, cybersecurity professionals need to increase their visibility and reachability within the business, not just through traditional means of communication like newsletters which can seem distant.

And as they say, the perimeter is dead. The future of security lies in a non-perimeter-based approach – and zero trust, which places users at the centre of the security strategy.

Magda is a thought leader and frequent speaker at cybersecurity forums and events. She is a valuable member of the ICE71 community, and her start-up Responsible Cyber is both an ICE71 Accelerate alum and an ICE71 Scale company.

ICE71 is a proud community partner of RSA Conference APJ 2020. Watch conference content on demand here.

ICE71 start-up news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

ICE71 startup news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

Interview with Kopal Agarwal, VP Business Development at Uniken

Kopal Agarwal, who helms ICE71 Scale startup Uniken’s APAC business, shares about mobile security in a post COVID-19 world and more.

1) Tell us more about yourself. How did you get to your role at Uniken and what do you do in this role?

I joined Uniken about 6 months ago to spearhead its growth plans in APAC. Prior to joining Uniken I worked in the financial services industry for 19 years. Most recently, I was with the Bank of Singapore, and prior to that I worked with Barclays and JP Morgan in Singapore.

I first got to know about Uniken when they pitched to me at one of my previous employers. I was so impressed with their security solution; I decided I had to be a part of this company’s growth journey.

2) What’s the Uniken story, ie. how did Uniken come about?

Uniken was founded in India 7 years ago. A fresh team came in three years ago and has built the Uniken of today – with the simple aim to make connections secure and easy. Adding security layers to your digital channels means adding friction to the customer experience. For an organization embarking on a digital transformation journey, this poses a big dilemma. Our patented security solution REL-ID was built with the key focus on driving customer engagement and eliminating every major vector of fraud and breach.

We have since expanded into Latin America, the US, APAC, Europe, Middle East, and Africa — with global headquarters in the US and regional APAC headquarters in Singapore.

3) Could you share with us real-world client use cases of your technology – for us to better understand what your technology is about, and why this is important?

Our product is industry agnostic, hence we work with various sectors such as financial services, education, airlines, and retail.  I can share two use cases clients consistently deploy our solution for. The first is around protecting mobile apps and all transactions conducted with them. The second use case is about 100% transaction verification in business banking. Both examples take fraud to zero for our clients and drive a tremendous amount of engagement given the ease of use.   Making security invisible and frictionless has its advantages across the board.

4) You’re very much in the news recently, from news about Bank of India using your REL-ID technology to REL-ID gaining FIDO2 recognition. Congratulations on these milestones! Could you tell us more about these achievements?

Thanks, and yes, we have been in the news a lot lately. Bank of India (BOI) was all about delivering for a customer.  They are our oldest customer and as they have grown so have we. For us it was about listening to them and their customers along the way and continuing to strengthen our product set to meet their changing needs.  As BOI saw the threat landscape change, they realized that deploying REL-ID across the board was the obvious choice, we had what they needed because we listened along the way.

Our recent FIDO2 certification is another example of listening to the market, i.e. in providing a password-less solution that meets an industry standard and in having a continual push for innovation. With FIDO2 our solution can allow our clients to use an industry standard for password-less cryptographic authentication and combine it with our other award-winning features, allowing customers to lower their cost of ownership while offering the range of client authentication techniques.

5) What are your thoughts about mobile security of the future? Will COVID-19 change anything in this space?

In the new normal post COVID-19, the way people conduct their lives will change and digital interaction will be the norm rather than an option. We now have to ensure security and convenience to meet the needs of the new normal. Just look at Zoom and why they have succeeded recently. They are simple, easy and consistent, but they forgot to focus on security and privacy.

The emergence of mobile as the dominant channel creates the opportunity for businesses to rethink their security paradigm, allowing them to pivot to a customer-centric model that delivers a better customer experience and unlocks the true power of digital transformation.

6) Describe cybersecurity in 30 words.

Cybersecurity is about protecting one’s systems, information, assets and dollars. But above these, it is also about respecting individual privacy and protecting the brand.

ICE71 startup news roundup

Here’s the latest news roundup on our ICE71 startups:

More news on ICE71 and our startups here.

Why you should worry about ransomware breaches during COVID-19


Cybercriminals are taking advantage of the emergencies caused by COVID-19 to run more frequent ransomware attacks. Criminals aim these attacks mostly at hospitals and corporates, locking these organisations out of their critical systems, to extort payments.
Sudesh Kumar from Kapalya, an ICE71 Accelerate startup, shares more.

Ransomware are often spread through phishing emails containing malicious attachments, or through drive-by downloading. Over the last month, the number of phishing ransomware emails and attacks increased respectively by 4,000% and 350% with COVID-19 themed cyberattacks. There are about 13,000 malicious website domains using names related to COVID-191. Business networks are more exposed to potential attacks because of the high number of people working from home using corporate-issued laptops, smartphones and tablets, all of which may contain confidential, proprietary, classified and sensitive data. When cybercriminals compromise these files, they also extract the contents of these files and expose them on public-facing websites to further extort companies, if the victim companies deny ransom payment.

After a ransomware enters the system, it encrypts accessible files present on the computer and spreading through the network. These files become unusable unless decrypted with a special key owned only by the cybercriminal and released in exchange for a payment with an untraceable/pseudonymous methods (e.g. Bitcoin, Ethereum).

4 more concerns arising from an attack on top of a financial loss

Besides the loss in dollars and cents, 4 other key concerns arise from a ransomware attack:

1) There is no assurance that cybercriminals will release the decryption key after the payment, entailing a risk of permanent data loss;

2) During the time elapsed from the attack to the release of the decryption key (if at all), data and network are unusable, heavily disrupting time-critical applications such as hospitals;

3) After a first ransomware attack has been successful, there is no assurance that the victim will not face a cyberattack again, exploiting the same weakness used the first time;

4) During an attack, ransomware can transmit data from the computer to the Internet, causing potential leaks of sensitive or classified data (e.g. attacks by Maze, Sodinokibi, Nemty, Clop)

Conventional ransomware attack routes

Ransomware are often spread through phishing emails that contain malicious attachments or through unintentional download (i.e. drive-by downloading) when a user visits an infected website.

During ransomware attacks, attackers will compromise an individual host through phishing, malware, or exposed remote desktop services. Once they gain access to a machine, they spread laterally throughout the network until they gain access to administrator credentials and the domain controller. Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and has also been spread through social media, such as Web-based instant messaging applications. Additionally, newer methods of ransomware infection have been observed. In particular, the latest advancement involves “file-less” infection, where malicious code is either embedded in a native scripting language or written straight into memory using legitimate administrative tools, without being written to disk.

File-less ransomware

In file-based attacks, a binary payload is downloaded onto the target machine and executed to carry out malicious actions. Legacy antivirus can prevent these known attacks by identifying the signature. If the signature is found, the antivirus prevents it. File-less malware avoid this countermeasure by presenting no indicators of malicious executables on the target machine. Instead, attackers use legitimate tools built into the system like PowerShell, WMI, Microsoft Office Macros, and .NET for malicious purposes (Figure 1)2. This technique is called Living-Off-the-Land and the exploited legitimate tools are known as LOLBins). Many LOLBins are incorporated into the daily workflow of IT professionals, which makes blocklisting them impractical given how it would reduce IT’s efficiency and reach. The attackers have a set of tools they can leverage that are pre-installed on every Windows machine they want to target.

File-less ransomware are:

1) Stealthy: They exploit legitimate tools and are thus almost impossible to blacklist.

2) Living-off-the-land: Tools used are installed by default on most machines. The attacker does not need to create or install any custom tools to use them.

3) Trusted and Frequented: Tools used are frequently used and trusted. It is not unusual to see such tools operating in an enterprise environment for a legitimate purpose. A list of most recent file-less attacks is shown in Table 1.

File-less attacks can be a powerful tool for attackers, since they are able to bypass the majority of antivirus and next-generation antivirus products.

Final thoughts

Protecting files and folders on desktops, laptops, file-servers, smartphones, tablets and other user devices during this COVID-19 pandemic has become a necessity. In doing so, both private and public organizations must understand and mitigate the risk by encrypting files and folders on all devices, either inside or outside the organizational perimeter.

Using just perimeter defense and anti-malware or regular backup is no longer sufficient. A comprehensive organization-wide encryption must be developed and implemented.

References

  1. 4,000% increase in ransomware emails during COVID-19 | National Observer. Available here. (Accessed: 28th April 2020)
  2. Securely Support the Remote Workforce Surge | Unisys. Available here. (Accessed: 16th June 2020)


Author profile

 

 

 

Sudesh Kumar is CEO and co-founder of Kapalya, an ICE71 Accelerate 4 startup providing a comprehensive encryption management solution. Sudesh has more than 25 years of IT, mobility, security, networking, cloud computing and Project Management experience. Kumar has successfully delivered global multi-million dollar heterogeneous networking and transformational cloud services projects.

You may also be interested in:

In conversation with Sudesh Kumar of Kapalya, an ICE71 Accelerate 4 startup

ICE71 Demo Day: Nine companies, nine dreams, one virtual stage

25th June marked the Virtual Demo Day for our fourth and latest ICE71 Accelerate cohort, featuring nine startups from Singapore, Australia, Israel, the UK, the US and Poland.

To date, ICE71 Accelerate, ICE71’s accelerator programme has supported 34 cybersecurity startups and helped to strengthen Singapore’s growing cybersecurity ecosystem. And 16 of these companies from the programme have collectively raised SGD$18M.

In the Demo Day welcome address, Rebecca Floyd, Managing Director for CyLon Singapore described the exhilarating journey of making a wholly virtual accelerator programme a reality. “Necessity really is the mother of adventure,” she said, revealing the need for running a different kind of accelerator, and having an entrepreneur’s mindset to make things happen amid the challenges of the current pandemic.

Edwin Low, Director, Innovation & Tech Ecosystem at Infocomm Media and Development Authority (IMDA), said that ICE71 was formed to develop the cybersecurity ecosystem and provide support in terms of funding, go-to-market, facilities as well as community building.

In the two years since ICE71’s inception, we have made progress. Among the many milestones we had, we have trained over 80 cybersecurity entrepreneurs, accelerated more than 30 startups, and played a part in connecting our past cohort startups to potential customers and investors. Some notable results of connections made include funding raised from Cocoon Capital by Aiculus and Guardrails.

Our progress is driven by our co-founders Singtel Innov8 and NUS Enterprise, but certainly not without being in synergy with supportive partners giving us the uplift we needed. Edgar Hardless, CEO of Singtel Innov8, expressed, “Thank you to our partners who have supported us in this journey. Without the support of partners like IMDA, Cyber Security Agency of Singapore (CSA), and Cisco, we probably wouldn’t have reached where we are today.” Edgar was optimistic about existing capabilities to take ICE71 to the next level.

Prof Chee Yeow Meng, AVP for Innovation & Enterprise at the National University of Singapore (NUS) spoke about new cybersecurity challenges emerging from a remote work setting: “With COVID-19 forcing most of us to work remotely or study from home, new challenges have emerged for cybersecurity, driving a greater demand for cybersecurity solutions and creating opportunities for cybersecurity entrepreneurs.”

On the success of ICE71 Accelerate, CyLon has been an important programme partner for us. Grace Cassy, co-founder of CyLon shared about the proud partnership with ICE71 and how wonderful the journey was for them to be a part of helping to grow Singapore cybersecurity ecosystem.

The future is bright for cybersecurity entrepreneurs, but one of the key challenges remains to be how startups can rise above the noise and legacy in enterprises, and demonstrate immediate value in their solutions. They need to know how to convey their value proposition with key decision makers, particularly CISOs, to make headways. Keynote speaker Alan Jenkins, CyLon CISO-in-Residence had much to share on how startups can best engage with CISOs in today’s challenging environment.

While we look forward to many more milestones by ICE71 Accelerate alums, for now, congratulations to cohort 4 startups for completing this incredible journey and kickstarting another. It is great to see the new connections formed through ICE71 Accelerate between the cohort and our partners from the likes of CSA, Singtel Trustwave, NUS, and others. We can’t wait to hear of more exciting developments from our fourth cohort in the coming months!

Watch the pitches of each startup and connect with them directly by clicking on the links below:

Read about Demo Day in the news:

  • e27
  • AsiaOne
  • SBR Daily Briefing
  • Telecompaper
  • and more here.

Download the Lookbook here.

See the full Demo Day recording here.

Check out “In conversation” interviews with startup founders here.

ICE71 Accelerate alumni in the news!

Did you know that our ICE71 Accelerate past cohort alums have been making waves in the news? These include:

..and many more!

Meet the cohort 4 startups! Watch Demo Day at https://www.accelerate4-demoday.ranosys.net/client/ice_71/

ICE71 Singapore Cybersecurity Startup Map 2020

ICE71 proudly presents our 2020 Singapore Cybersecurity Startup Map, the latest (and greatest yet) version of it!

We’ve been continuously working hard to scour our island nation for cybersecurity startups – in this year’s updated map, there are 136 unique startups within the cybersecurity and associated fields, including endpoint security, cloud security, network security and IoT security.

Out of these 136 startups, half of the cybersecurity startup community are in our “ICE71 Inner Circle” of startups who come from our ICE71 programmes! 

You can check out our latest ICE71 Accelerate Cohort 4 startups on this map as well.

With more tech-savvy and nimble cybersecurity startups entering the space, launching new products and offering superior solutions, we look forward to continue supporting and strengthening the cybersecurity community in the region.

For the next version, do reach out and let us know if you would like to be listed on the startup map!

Investing in cybersecurity startups

As mobility and smart cities are developing, cybersecurity is becoming the hottest ticket to investing. Michael Blakey, Managing Partner and co-founder of Cocoon Capital shared his insights as an experienced angel investor and VC leader at this ICE71 Investor Series webcast.

Why invest in cybersecurity?

The amount of data and things that need to be secured is growing on a regular basis. Security business is fast-paced, with unfilled gaps along with rising technologies.

For large corporations and even governments, Michael said, “The big fear at the moment is not about the technology. It’s not about the IoT nor the smart devices, it’s about whether we will lose control (and be vulnerable to attacks). You’ve got to protect all these little devices, the cars and everything else which are moving around, and it’s much harder to do.”

There will be huge investment opportunities for cybersecurity companies if they can solve a relevant problem waiting to be solved. He opines, “If cybersecurity companies get their solution right, they can grow very quickly.”

Newbie tech investors: Good to know

For tech investments, it would take about 7 to 8 years before you see any returns, said Michael to would-be tech investors.

New investors can join other investor networks to gain experience and learn from them. This would also generate better deal flows as like-minded investors come together. “In Singapore, there’s a number angel investor networks like Angel Central and Bansea, you can join them and find people that have similar interest (in terms of the type of investee companies), and these people might be a little bit more experienced, people whom you can learn from. You can start small and learn through your mistakes. How everybody does investing would be different, there aren’t many many wrong ways of doing this but definitely not one right way of doing,” Michael shared.

People, especially founders, are key to an investor’s decision

A lot of emphasis is given to the founding teams when investors like himself needs to make a decision on what to invest in, especially when he can only invest in a few startups per year.

Founders must have the ability to build good teams that will consequently see through their product development and take to market. They should also have extensive market experience within the market of their target customer, particularly in cybersecurity. Any founder should correctly define the problem statement in those few crucial slides of their pitch deck. They must stand out to investors in the way they approach them. To Michael, demonstrating efforts in doing so would translate to how the same founder would attract a potential customer, a proof point for an investor to take the leap of faith.

Michael cites an example of investing in an ICE71 Accelerate cohort 2 startup, GuardRails, even though it is unusual to invest in a one-man team: “We invested in (one of your accelerator cohort companies, which was pretty much a one-person company and (the founder) had a couple of contractors that were were helping him. We spent a lot of time getting to know them figuring out if they have the right skill set, not just to build a technology but to build a team to one of the leadership capabilities.”

The other factors that influences his decisions as an investor include whether the startup is solving a real problem, and timing.

“Are they solving a real problem? I see some amazing technology that’s being built. But quite often, it’s technology that’s looking for a problem, not the other way around,” Michael lamented. “This is why I do more B2B than B2C. It’s harder with the consumers. With B2B, cybersecurity is (a real issue) that the board discusses.” He points out that cybersecurity is quite an interesting space to be in because it is something every board of every major corporation is concerned about. On timing, he’d ask if the cybersecurity startup is coming in too early or too late. He’d also ask, ”Where are they in terms of where the spaces (of opportunities) are?”

Investing in cybersecurity post COVID-19

Investing will still continue, albeit at a much slower pace, so founders need to work a little bit harder and yet lower their expectations of fundraising.

He said, “The reality is, as you might have noticed, I never talked about traction, rather I’m looking at people. Whether it’s today, last year, or next year, good teams are still good teams. And if you talk to most people who’ve been around long enough, they’ll all say the best investments they have ever made are the ones in a downturn. So, for founders, you’ll just have to work that a little bit harder. Change your expectations. If you were looking to raise one and a half million, maybe reduce the target funding amount and expect the fundraising period to take longer.”

He cautions that valuations are going to be around 20 to 30% of what companies would have gotten in 2019. To tide through COVID-19 effects, he advises startups to look into sensible cost-cutting, like making necessary salary cuts to prep for the worst, and also demonstrate adaptability during this time.

Watch the full video to learn more!

Be a part of our ICE71 community for more updates like this. Join our mailing list.

An interview with Dean Bell, CEO of Sixscape Communications

We recently caught up with Dean Bell, CEO of Sixscape, an ICE71 Scale startup.

What’s your role at Sixscape?

I am the CEO of Sixscape Communications, overseeing all strategic responsibilities of the company from product direction, expansion, fundraising and growth. I have previously been involved in a number of cybersecurity companies and have spent the last 25+ years in the region.

What is Sixscape’s story? How did Sixscape come about?

Sixscape started as an R&D initiative with initial funding from Spring (Enterprise Singapore) and NRF and tasked ourselves with looking a definitive way of adding a layer of security to both existing and new communication and authentication mechanisms that would finally put an end to security and identity breaches. This approach needed to align with and enable compliance standards in addition to future growth technologies of 5G, IoT, and IPv6 to ensure that it not only scales but also addresses the new paradigms that these innovations bring. This journey brought Sixscape to a position of leadership in securing authentication and communication across email, IoT, unified communications and user/device authentication with end-to-end encrypted traffic between them in the enterprise.

Can you share some client use cases of Sixscape’s security technology?

We had one large naval client in Asia with over 30,000 users who had a need for a password-less authentication using a mobile phone, as an authentication device with a layer of security that could not be compromised. The customer needed authentication to devices and services across desktops, mobile devices, and their online portals and to be done in a seamless way that follows a common user experience but yet embeds security which cannot be compromised. They recognised that OTP, 2FA, and MFA are no longer fit for purpose in their current state and the need for an additional layer of security. The solution was to deliver the end-user experience with a layer of security in the form of PKI and digital certificates delivering crypto-authentication used at each end of the communication and authentication process to provide irrefutable identity and authentication of the device, the person and encrypting the communication between them. The SixToken solution was deployed in a matter of hours rather than days and weeks which a manual solution would have taken using Sixscape’s IRP (Identity Registration Protocol) automation.

Another client of ours, a large management university in Asia with over 2,000 users – established a need for digitally signed and encrypted email for their in-house and visiting faculty that could be deployed centrally and easily to all desktop, mobile and BYOD devices with zero-touch ongoing management. The main driver was the need for integrity of the sender with a proven identity for both internal and external users that would also aid in preventing phishing and business email compromise (BEC) . A further requirement was that of email privacy in the form of email content and attachment encryption which would be seamless to the end-user and both requirements were to be delivered with a centralised policy control for selective and group signing and encryption while maintaining an escrow facility for secure storage and recovery of the private key. The SixMail solution was deployed along with SixEscrow and IRP seamlessly to all users with low end-user friction.

During this COVID-19 period, how do you see the importance of Public Key Infrastructure (PKIs) in securing remote working communications?

PKI, although invented back in the 1970s has stood the test of time and, combined with digital certificates provides the only way to ultimately prove the identity of people and things, this is imperative when both of these variables are involved in home working. WFH means different things to different people, from being a known user with a known corporate device on a known corporate network accessed over a VPN, to a BYOD device with little or no security applied to it. In both situations, PKI and digital certificates can be centrally deployed within seconds to remote devices including BYOD, across both desktop and mobile, while ensuring that both device and user authentication (strong client authentication) is carried out.

Why look into Singapore for business expansion?

Singapore ticks all the boxes from being a worldwide recognized start-up hub, excellent technical and commercial talent pool, established and certain legal framework, tax-friendly with a strong economy, and respected position in the region and worldwide. We feel a sense of pride to be a Singapore based start-up and this is echoed by the feedback we get from international partners that we have signed from both a commercial and technology alliance perspective. Singapore and the technology it produces truly is on a worldwide scale and this is something that here at Sixscape we intend to build upon as we solve more problems in Cybersecurity and enhance our solutions to address both current and future requirements.

Describe cybersecurity in 30 words.

Cybersecurity is anything other than physical. We make the mistake that cybersecurity is all internet-focused, when many attacks are from the ‘electronic’ world also.

Sixscape Communications, an ICE71 Scale startup,  is a Singapore based cryptographic authentication and communications vendor focused on digital certificate-based security across email, voice/video/chat communications, IoT and password-less authentication. Learn more about Sixscape at https://sixscape.com/

In conversation with Sujeesh Krishnan of Kinnami, an ICE71 Accelerate 4 startup

We caught up with Sujeesh Krishnan of Kinnami, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I am Sujeesh Krishnan, CEO of Kinnami Software Corporation. We are a data security and privacy startup based in Boston, U.S., with teammates in Washington D.C., London, and Singapore.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

The original inspiration for the technology that Kinnami is providing comes from the realization back in 2006 – that it was so hard and too slow to share large files (pictures, videos, etc.) with non-techie family members around the world while also retaining privacy. Even today, that problem is not served well. Over decades in the data protection and security segments of the IT industry, we have become frustrated with the industry’s patchwork of solutions that have led to ever- greater disasters in the form of data leaks and most recently fake news – information that cannot be trusted.

Consequently, we have become determined to provide a better platform that prevents a number of essential problems in data security and protection. “Data without security is worthless. Security without data is pointless,” so separating the 2 topics, which has happened as a result of the evolution of IT over the last 30 years, is really just not a good idea. These need to be fixed together. Properly.

Kinnami’s vision is to completely alter the way organisations think of data security and storage and eliminate the current patchwork of solutions that serves as IT security today. Data security now keeps IT admins up and night and is a hot topic in corporate boardrooms. The ability to play a key part in addressing this big challenge is a huge motivation for us as a company.

Q: What is the problem you want to solve with your product or solution? Tell us more about your solution.

Kinnami enables organisations to protect sensitive data everywhere. Our innovative distributed data storage and security platform, AmiShare avoids the classic data security and protection patchwork. Instead it provides organisations with an easy way to secure the creation, storage, and sharing of data both within organisations and externally. AmiShare separates administrators and end-users’ responsibilities, aligning them more precisely with their goals. All this is verified by AmiShare’s auditing.

AmiShare enables organisations to manage the security of data by defining policies to control who may access them and where they are stored, providing protection wherever they are stored or shared. This includes data centers, cloud stores, laptops, mobiles, removable drives, and IoT devices. Security of stored data is enhanced by breaking data into fragments, individually encrypting fragments with individual encryption keys and storing them across multiple devices/servers.

Q: Who might find use for your solution?

Any organization that needs a more secure way to store, collaborate and audit the access of confidential information will find value in AmiShare. Some of our early markets of interest include regulated industries such as financial services, healthcare, supply chain, as well as academia, and military.

In today’s remote work from home environment caused by COVID-19, SMEs as well as enterprises will find AmiShare to be a better way to manage sensitive data that is being accessed on potentially unsecure devices and networks.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

We have found the programme to be of high quality, with extremely relevant topics for our company at its current stage of evolution. The ability to interact directly and build relationships with CISOs, subject matter experts, and successful founders, as well as peers has been invaluable. We have also appreciated the opportunity to connect with parties at Singtel, NUS, IMDA, and CSA among others, on a one-one basis and in exploring collaborative projects.

Learn more about Kinnami at kinnami.com

In conversation with Mitali Rakhit of Guardara, an ICE71 Accelerate 4 startup

We caught up with Mitali Rakhit of Guardara, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I’m Mitali Rakhit, CEO and co-founder of Guardara, and we’re based in London, UK.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

My cofounder and CTO, Zsolt Imre, used an early prototype of our product at the world’s largest telecommunications device manufacturer, and was able to find more security and QA issues than a leading competitor. The client wanted to buy the product.

At Guardara, we are passionate about building a world with more secure code. Our dream is to be able to move fuzz testing earlier into the software development lifecycle and to be able to automate it completely.

Q: What is the problem you want to solve with your product or solution? Tell us more about your solution.

FuzzLabs is focused on fuzz testing for quality assurance. FuzzLabs can find more issues faster, is easier to integrate and more flexible. We are making the product as easy to use as possible in order to reach a wider audience.

Q: Who might find use for your solution?

Enterprise product security teams that work on high-availability products, such as ICS, IoT, medical devices, telecom, defense, aerospace, and automotive solutions.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

I have enjoyed getting to work with our fantastic mentors and peers in the cohort. I have learned that good things take time, and persistence is the key to success.

Learn more about Guardara at guardara.com

In conversation with Stephanie Robinson of Assimil8, an ICE71 Accelerate 4 startup

We caught up with Stephanie Robinson of Assimil8, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I’m Stephanie Robinson, CEO and co-founder of Assimil8. We’re based in Brisbane, Australia.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

Assimil8 was formed in 2018 as I was struggling to bring together data sets from disparate systems in order to make high level
recommendations for relationship management – specifically, I could not see how relationships were connected without completing a time consuming and manual process.

Working together with my CTO and co-founder Simon Robinson to develop the IDRIS tool – a cybersecurity solution by our startup Assimil8 – has been an amazing experience. Having spent most of our lives overlapping careers, it’s been especially rewarding to move forward with IDRIS together by means of Assimil8.

Over the years we have had many ideas, but IDRIS was really the one we felt most strongly had all the ingredients for success, to meet a genuine need in a growing market. Our goal is to find partners who can recognise both the immediate cybersecurity market opportunity and the wider applications of this technology.

Q: What is the problem you want to solve with your product or solution? Tell us more about your solution.

We know that SMEs are asking for better value from their cybersecurity providers, more efficiency at a lower cost. We also know that SMEs are not only more likely to be the target of an attack, but that an attack is far more likely to result in the closure of the business.

Most SMEs receive raw threat data via a tool created for enterprise, so we asked ourselves this – why is there nothing on the cybersecurity market designed for this part of the economy, given that these businesses support close to three quarters of jobs worldwide? We believe it comes down to three critical factors – cost, skills and psychological barriers. It is not easy to get good cybersecurity advice, and to understand or act on it.

Our solution IDRIS utilises sophisticated graph technologies to provide visual network views, which allow the user to identify anomalies or patterns for investigation, without the need for high-level technical skills. IDRIS does not come with an enterprise licence fee, and with IDRIS it is far easier to interpret results than traditional rows of raw data. The tool can provide a view of threats across an entire network, increasing the likelihood of identifying a threat and, crucially, its connections within that network.

Q: Who might find use for your solution?

More than three quarters of small and medium sized businesses expect at least half of their cybersecurity needs to be outsourced within the next five years, and 78% of these businesses plan to invest more in cybersecurity within the next year, according to the results of a 2019 Continuum survey of global SMEs.

Our plan is to provide these outsourced service providers with a competitive edge in an increasingly competitive market. IDRIS will be launched using an open source model, and we would like to set the bar that any good forensic analyst service would be using IDRIS. Think of IDRIS as plain English for network threat identification.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

ICE71 Accelerate has been an excellent springboard for Assimil8 and finding a path to success for the IDRIS tool. Right from the beginning, the programme has provided access to networks and mentors. The focus and clarity this has given us in such a short period of time has helped us make huge leaps in the development journey of our product. We are excited to become a future success story for ICE71 Accelerate.

Watch Assimil8 pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June!

Learn more about Assimil8 at assimil8.com.au

 

In conversation with Valentin Bercovici of Chainkit, an ICE71 Accelerate 4 startup

We caught up with Valentin Bercovici of Chainkit, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I am Valentin (Val) Bercovici, Founder and CEO of Chainkit, based in San Francisco, California, USA.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

What inspires me every day is about levelling the playing field for victims of cyber crime and attacks – creating the next great cybersecurity company!

Cybersecurity has an existential crisis around the stealth of attacks. Privileged (admin or root) accounts are easily abused by malicious insiders and external bad actors alike. And with those escalated privileges, they execute their attack chains and cover their tracks with impunity. Balancing the canonical C-I-A Security Triad/Triangle with stronger integrity solutions for deep (military-grade) tamper-detection, solves this existential crisis.

At Chainkit we want to leverage absolute integrity to deliver the power of Provable Computing to the IT/OT industries. All layers of the computing stack (from transistors in processors to OSI L1-L7) only execute mathematically provable code, processing only authenticated data. All tampered code or data is immediately detected and isolated. This is the ultimate extension of the zero trust concept – beyond identity, endpoint and custom network segment.

Q: What is the problem you want to solve with your product or solution? Tell us more about your solution.

39% of cyber attacks are reported undetected by broad customer surveys – only during post-mortems by forensic investigators. Chainkit for Splunk and Elastic reduces undetected attacks by adding early visibility to deep tampering via military-grade detection of anti-forensic techniques. Before the attacks, Chainkit detects more insider threats, reduces dwell times, improves attribution and maximizes integrity monitoring for compliance.

Q: Who might find use for your solution?

Chainkit is a horizontal solution with a USD $1 billion addressable market today. We prioritize our sales on the most attacked industry verticals (government, financial services and healthcare). We offer specific value propositions for security analysts, threat hunters, compliance officers or auditors, and digital forensics investigators.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

The cybersecurity focus of the program is first-rate. The breadth and depth of industry-specific feedback we are receiving from customers, partners, investors and mentors is materially improving all aspects of our business, from sales and marketing, all the way to product development.

Additionally, the professionalism of the ICE71 and CyLon teams have been outstanding. Particularly their seamless transition from a traditional in-person program to a 100% virtual version of it.

Watch Chainkit pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June!

Learn more about Chainkit at chainkit.com

 

In conversation with Sudesh Kumar of Kapalya, an ICE71 Accelerate 4 startup

We caught up with Sudesh Kumar of Kapalya, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I’m Sudesh Kumar, founder and CEO of Kapalya. We started Kapalya in Honolulu, Hawaii, but since 2018, we have moved to Berkeley, California which is in the San Francisco Bay Area in the US.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

It all started when I was tasked by the Hawaii State CIO to protect the 2016 presidential elections data from getting hacked. During that process, I discovered that no vendor had a comprehensive encryption management solution, so we decided to build such a solution and that was the inception point of Kapalya.

Q: What is the problem you want to solve with your product or solution? Tell us more about your solution.

The main problem we are solving is encryption key management across any organization, regardless of where that organization’s data resides – be it on laptops, desktops, smartphones, tablets, public clouds, virtual desktop environments and enterprise file-servers. We call it the Encryption Management Platform (EMP).

Q: Who might find use for your solution?

Since our inception was from the government, they are first target customers. However, our solution is good to be used by any industry and vertical, as all of them are susceptible to ransomware attacks – these include healthcare, legal firms, software development companies, accounting firms, financial services, oil and gas, manufacturing, logistics, insurance companies, to name a few.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

Our biggest value derived from the ICE71 program is the level of connections made so quickly within SingTel, NUS, Trustwave, CSA and NCL. All of these are extremely valuable partnerships for us, which would have been very difficult to obtain on our own.

Watch Kapalya pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June!

Learn more about Kapalya at kapalya.com

 

In conversation with Avi Bartov of GamaSec, an ICE71 Accelerate 4 startup

We caught up with Avi Bartov of GamaSec, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I’m Avi Bartov, CEO and co-founder of GamaSec, a company based in Tel Aviv, Israel.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

GamaSec was founded in 2006 with a mission to lower risk for small businesses. Back then, we were a security solutions advisor.

In 2017, we made a strategic decision to create alliances and partnerships with insurance companies. We realised that cyber insurance is going to see more focus with insurers worldwide, but most insurers do not have the background or the expertise in order to provide this kind of service. The missing piece of the puzzle was the growing need for a partnership between a cybersecurity company and an insurance company. Here’s where and how we come in — our technology, when bundled with cyber insurance policies provided by our insurance partners, reduce their exposure and increase their brand awareness.

Q: What is the problem you want to solve with your product/ solution? Tell us more about your solution.

GamaSec provides a pre-breach virtual hacker technology designed to prevent cyber attacks, minimizing the exposures that cyber insurance policyholders face, instead of just risk mitigation.

Right now, we are working towards the next generation pre-breach cybersecurity for insurance carriers – with GamaEye. GamaEye is a powered GamaSec Patent technology that enables businesses of all sizes to detect combat and recover from web cyber-attacks in real time significantly reducing the risk of data breach.

It is a web attack detection technology that uses changeable deception elements to identify and reveal malicious activity targeted at business websites.

Q: Who might find use for your solution?

Insurance providers and brokers that are providing cyber insurance policies to small to medium-sized business owners. These parties would be our potential channel partners.

By blending in this next-level detection and prevention technology with their cyber insurance policies, our insurance partners would be able to reduce exposure and increase brand awareness.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

Meeting people from different backgrounds and learning from their experiences, which helped the cohort members get feedback in improving our respective companies.

Watch GamaSec pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June!

Learn more about GamaSec at gamasec.com

 

ICE71 startup news roundup

Here’s the latest news roundup on our ICE71 startups:

  • Cyble, an ICE71 Scale startup, is listed in Forbes’ 20 best cybersecurity startups to watch in 2020, based on a methodology that equally weighs a startup’s ability to attract new customers, current and projected revenue growth, ability to adapt their solutions to growing industries and position in their chosen markets.
  • In a separate news on Silicon.co.uk regarding a potential data compromise affecting popular maths site Mathway, Cyble was quoted saying that hacking group called Shiny Hunters began selling the database of more than 25 million Mathway user credentials on illicit websites in early May, offering it for $4,000 (£3,285) in cryptocurrency.
  • ICE71 Scale startup Cyfirma is quoted in this Straits Times article about the recent cyber attack on ST Engineering’s US subsidiary. According to the cybersecurity firm, a group of hackers known as the Maze group had attacked VT San Antonio Aerospace and put about 50 megabytes of leaked data on the Dark Web and public forums.

More news on ICE71 and our startups here.

 

In conversation with Alessio Mauro of neoEYED, an ICE71 Accelerate 4 startup

We caught up with Alessio Mauro of neoEYED, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.

I’m Alessio Mauro, from Italy, CEO at neoEYED, a US based company.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

I hate security and especially “passwords”! They are just stressful and a nuisance and… why are we using them yet, despite all the advancement in biometrics? My dream since I started this company was to simplify security and get rid of passwords once for all.

Q: What is the problem you want to solve with your product/ solution? Tell us more about your solution.

neoEYED reduces up to 99% of digital identity frauds by using an invisible technology: behavioral recognition. We built a Behavioral AI, an AI trained to recognize the users just by the way they interact with their web/mobile applications.

It’s an invisible security layer that protects the users, without making any change in the user experience. More security, less stress.

Q: Who might find use for your solution?

Banks and fintech applications are the one who would really need these solutions to protect their users’ accounts, besides, any enterprises (including banks), regardless of the verticals, always need this solution to protect frauds inside coming from the employees or hitting them.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

Being us in the virtual program we haven’t got the chance to live Singapore and all ICE71 events, but the team at ICE71 have always connected with relevant people and events to be in the startup scene.

Watch neoEYED pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June! 

Learn more about neoEYED at neoEYED.com

 

In conversation with Rohan Sood of Scantist, an ICE71 Accelerate 4 startup

We caught up with Rohan Sood of Scantist, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.
I’m Rohan Sood, Head of Operations at Scantist. We’re an NTU spin-off based in Singapore.

Q: What inspired you to start your startup? What is your goal or dream for your startup?

The cyber-security lab (CSL) at NTU found multiple vulnerabilities in popular commercial software from Adobe, Apple and the likes as a part of it’s binary-level security analysis. These vulnerabilities were recognized by the vendor companies – leading to significant bug-bounty awards to the research team.

The ability to find commercially relevant vulnerabilities in some of the most sophisticated software platforms and products led us to believe that we had a unique value proposition to share with the world. We started Scantist with an objective to translate our research activities into a viable product that could be used to identify such vulnerabilities before the software is released.

Our vision is a world where applications function flawlessly – the way they were intended, without concerns for security. We aspire to be the one-stop shop for application security.

Q: What is the problem you want to solve with your product/ solution? Tell us more about your solution and who might find use for it.

While cybersecurity has traditionally focussed on network and infrastructure layers, the application layer is emerging to be the preferred battleground for hackers and adversaries worldwide. Breaches like Equifax, Panama Papers and a host of Heartbleed-related attacks were all made possible owing to vulnerabilities in business-critical applications.

Scantist Software Composition Analysis (SCA) provides a developer-centric solution that integrates with existing workflows to proactively manage known vulnerabilities in software applications. Scantist SCA is the only tool that effortlessly scans all binary and open source code in a single integrated platform to provide targeted remediation advice with an extremely high-degree of accuracy.

Any organization – small or large – which develops or maintains software applications as a part of its core business operations is a potential customer for Scantist.

We are currently focussed on markets in Singapore, ASEAN and China.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?

With cohort members as well as mentors from across the globe, we have really enjoyed looking at cybersecurity from a much-broader perspective than we previously had owing to our existing engagements being limited to the Singapore/ASEAN region. It has allowed Scantist to evolve and broaden its horizons by working towards being a global brand.

Watch Scantist pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June! 

Learn more about Scantist at scantist.com

 

In conversation with Barton Shields of Olympus Sky, an ICE71 Accelerate 4 startup

We caught up with Barton Shields of Olympus Sky, a member of ICE71 Accelerate’s fourth cohort.

Q: Tell us more about yourself.
I’m Bart Shields, CEO and CTO of Olympus Sky Technologies, S.A. , also known as Olympus Sky, and we originate from Łódź, Poland.

Q: What inspired you to start your startup?
Back then, I wanted to solve the number one problem within the automotive industry –  providing security inside of the vehicle.

Q: What fires you up every morning?
Knowing that this technology completely changes how security is done, in that it simplifies and automates communication security, while also simultaneously providing a solution that is more secure than the current, traditional means for providing communication security (i.e. PKI + TLS/SSL).

Q: What is your goal or dream for your startup?
This are two parts to this goal: 1) to make our core technology an RFC specification and communication-layer standard, and 2) to change how the world does security.

Q: What is the problem you want to solve with your product/ solution?
Traditional security is human intensive and utilizes a centralized approach for the creation and management of security credentials, making it costly to implement, costly to maintain, and difficult to scale. IoT is expanding at a pace that is difficult to keep up with. This is especially true for trying to provide security at IoT scale in a cost and time efficient manner.

Because traditional security was never meant to operate within the complexity and additional requirements introduced by the proliferation of devices that IoT brings. Only those with sufficient resources have the capabilities of addressing the security gaps, which because of the complexity more than often fall short.  It is no secret that traditional security is becoming more complex each and every year.  Thus, increasing the threat surface and costs of maintaining security.

To put it simply, traditional security is meant for point-to-point, static links.  IoT is by definition dynamic and multi-point.  Thus, traditional security is the square peg and IoT is the round hole.

Q: Tell us more about your solution and who might find use for it.

Our security solution, Autonomous Key Management (AKM) makes security not only affordable, but significantly decreases the threat surface because of its simplicity.  AKM is easy to deploy, easy to maintain, and easy to expand at IoT scale. AKM solves the high costs and difficulties of providing security at IoT scale. It is completely automated with one-time provisioning, removing the human factor and any requirement to connect to a centralized server.  Last, our security naturally provides multi-point, end-to-end encryption, something that traditional security is incapable of (ex. the Zoom video acknowledgement from April in which they stated that PKI and TLS/SSL are incapable of multi-point end-to-end encryption).

The primary customer case for our solution would be Industrial IoT companies.

Q: What have you enjoyed the most being a part of the ICE71 Accelerate programme?
Meeting the mentors and other teams in the programme.

Watch Olympus Sky pitch at ICE71 Accelerate 4 Virtual Demo Day on 25th June! 

Learn more about Olympus Sky at olympusssky.com

 

ICE71 startup news roundup

Here’s the latest news roundup on our ICE71 startups:

 

First 100% virtual ICE71 Accelerate programme


Our first 100% virtual ICE71 Accelerate programme had kicked off! The fourth cohort of the programme took place from 7 April – 25 June.  Here’s a quick look at each of the startups in cohort 4!

 

Assimil8

Origin: Australia
Co-founders: Simon Robinson, Stephanie Robinson

The Assimil8 tool, IDRIS provides decision makers with easy to read visual representations of large complex data sets. ASSIMIL8 makes data analysis more accessible by reducing the reliance on specialist expertise. The product we have developed, known as the Intuitive Data Relationship Inference System (IDRIS) can be used to quickly evaluate the risk context and threat of an individual cyber event or can be used continuously to review a complex network to identify threats.

www.assimil8.com.au

In conversation with Stephanie Robinson, CEO


Chainkit

Origin: USA
CEO: Valentin Bercovici

Chainkit is a cutting-edge technology that detects invisible threats, dramatically reduces dwell time from months to minutes, and delivers absolute system attestation.

Anti-forensic techniques are silently tampering with indicators of compromise, extending dwell times into months. Forensic artifacts lack attestation of integrity for investigators to use in determining attribution. These conditions put organizations at unacceptable risk of undetected cyber attacks, as well as out of regulatory compliance. Chainkit for Splunk and Elastic is the first solution to focus exclusively on the previously invisible 39% of undetected cyber security attacks. Results include less cyber damage and stronger regulatory compliance, supporting lower insurance premiums, in an era of universally increasing cyber risk.

www.chainkit.com

In conversation with Val Bercovici, Founder & CEO


GamaSec

Origin: Israel
CEO & Co-founder: Avi Bartov

Gamasec utilizes the newest and most advanced technologies to stop cyber-attacks via websites reducing cyber insurance exposure GamaSec is a pre-breach tool which enables small and mid-sized businesses to combat and recover from cyber attacks. By using cutting edge virtual hacker technology to identify and eradicate dangerous malware threats and website application vulnerabilies reducing cyber insurance risk and exposure.

www.gamasec.com

In conversation with Avi Bartov, Founder and CEO


Guardara

Origin: United Kingdom
CEO: Mitali Rakhit

FuzzLabs, their first product, can be used to identify a wide range of issues, not only native software flaws, such as memory corruption. It is possible to test web applications and web services, find problems such as unhandled exceptions, issues related to performance, and a lot more.

www.guardara.com

In conversation with Mitali Rakhit, Co-founder and CEO


Kapalya

Origin: USA
CEO & Founder: Sudesh Kumar

Kapalya empowers businesses and their employees to securely store sensitive files at-rest and in-transit across multiple platforms through a user-friendly desktop and mobile application. This ubiquitous encryption solution protects all your corporate data by seamlessly encrypting files on end-points (computers/mobile devices), corporate servers and public cloud providers. With Kapalya, users have the ability to share encrypted files across multiple cloud platforms.

www.kapalya.com

In conversation with Sudesh Kumar, Founder and CEO


Kinnami

Origin: USA
CEO: Sujeesh Krishnan

Kinnami is an end-to-end data security firm that equips organizations to secure, proof and audit sensitive information at rest and in-transit in data-sharing applications Kinnami is an end-to-end data security firm that equips organizations to secure, proof and audit sensitive information at rest and in-transit in data-sharing applications. It’s core product, AmiShare, uses distributed and encrypted storage to secure and protect confidential data across devices and users everywhere. Data is broken into fragments, encrypted, and distributed across a network of servers, devices and the Cloud. AmiShare strictly audits access to data and secures data right where it is created or stored ensuring that data is protected even as it moves.

www.kinnami.com

In conversation with Sujeesh Krishnan, CEO


neoEYED

Origin: USA
CEO: Alessio Mauro

neoEYED helps banks and enterprises to reduce frauds just by looking at the way users interact with application and devices neoEYED is a Behavioural AI. A fraud detection/prevention solution that recognise the users just by looking at “how” they interact with the applications and type their passwords. The result is a secure, frictionless, layer that continuously monitors the behaviour of the users and protects them from any unforeseen frauds without asking for any additional permissions or personal information. Invisible, simple, secure!

www.neoeyed.com

In conversation with Alessio Mauro, CEO


Scantist

Origin: Singapore
Head of Ops: Rohan Sood

Scantist is a local cybersecurity startup focused on managing open source vulnerabilities and improving compliance on the application level Scantist is a cyber-security spin-off from Nanyang Technological University (Singapore) which leverages its deep research and expertise to provide vulnerability management solutions to enterprise clients.

www.scantist.com

In conversation with Rohan Sood, Head of Operations


Olympus Sky

Origin: Poland
CEO & CTO: Bart Shields

Olympus Sky Technologies (OST) has developed a new way to think about cybersecurity, up-ending 30 years of static, heavy certificate-based solutions such as PKI. We have implemented this technology into a product suite that we call Zeus. Zeus is used to secure complex supply chains, from cradle to grave, as well as providing secure communication, including authentication of both hardware and virtual (electronic images/software) assets. Best of all, the product is simple to understand and simple to use, requiring no skilled administration or IT security experts.

www.olympussky.com

In conversation with Bart Shields, Co-founder, CEO and CTO


Watch cohort 4 startups pitch at ICE71 Accelerate 4 Virtual Demo Day

Chris Roberts: Hacking Sheep, Ships, Stations & Everything in Between


We recently had our ICE71 Distinguished Speaker Series with Chris Roberts who shared his journey in cybersecurity, what he feels about the current state of the industry, and more.


How he got started with cybersecurity and his first hacking experience

Chris attributed this to his ATARI game days around the time he was 13. He mused, “I hated losing the games, so I would load the programs up, arrow them out, drop them into the command line and see how they actually worked. And then I loaded up a basic shell and just really started to figure the code out from there. At the time my father was still around, he would play a game, sometimes winning and sometimes losing, while I could play a game and become a trillionaire after like 20 minutes because I’ve hacked the system. That got me started with hacking.”

Getting a foot in the door 

His advice for aspiring youth who want to venture into cybersecurity? They need to have a good attitude, and know how to reverse engineer solutions. He said, “If I’m looking at somebody who’s new, I don’t care about the qualifications. What I care about are what they think, how they feel and how they can demonstrate it.”

For those who want to get into the red or blue teams, he’d ask: “Have they built their own machine at home? Have they figured out how things work? Do they know how to reverse engineer? Have they broken things to be able to then figure out how to repair them?” 

Someone new to the industry doesn’t only learn cybersecurity skills. Newbies should  take a proactive step in connecting with the cybersecurity community, for example, through a platform like LinkedIn. To succeed, It’s important to have good communication skills, both verbal and written, together with a collaborative mindset.

Need for effective communication

Chris lamented about one of his biggest frustrations in cybersecurity, the lack of effective communication within the industry.

He spoke about acronyms and jargons in cybersecurity.

“People outside our industry go: “How can you explain security in the language I need to understand?” This is where you talk about risk, and where you basically put your point in human terms,” Chris said.

It doesn’t matter whether it’s a CEO or CIO who’s trying to explain to leadership about risk.  He said, “Risk reduction is about mitigation controls and compliance regulations.” And if it’s a technical person trying to educate the end user about passwords, it’s ultimately about “how it’s meant to keep the end user safe”, and how the end user can “teach his family to be safe” too.

What deception technology is about

Chris explained this as “using technology to effectively lie to someone who’s trying to break into a system”. In the case of hackers, the better the system lies to them, the more interaction they would have with the system, ultimately triggering alerts.

“Or look at it as building an architecture that camouflages itself effectively,” he said. If there is a request from an attacker, the deceptive system is like a “butler”, serving the attacker deceptive credentials and setting off an alarm.

On hacking cows and other things

Chris has hacked everything from cow pedometers to milking machines to ships.

Once, he overrode GPS tracking data from a cow pedometer database, and at one point he tracked 0.25 million herd of cows virtually lurking around a friend’s house! He’s also made milking machines stop and “line dance” every 12 hours. 

About two years ago in Turkey, he hacked into a ballast control system of a ship at a harbour. Ballast control systems give stability to ships. Hacking into these systems could potentially make ships roll in the middle of a harbour. Chris has approached a few shipping companies to caution about these insecure systems but to no avail. It’s challenging to responsibly disclose the security loopholes to the company, and most of the time it falls on deaf ears. He said, “They just want to focus on getting the ships from point A to B.” 

How startups can get a foot into the door despite legacy issues

Startups need to learn who can they can work with or have access to a particular company in a particular industry.

“It isn’t all about doing it yourself, you need to make friends, talk to people and present your ideas.” 

He suggested startups to ask for advice, and even form partnerships, stating Attivo Networks as a good example. Startups need to think about how they can help make an existing process more effective and reduce risk. He said, “Don’t go out and solve the world. Think about how to help others become effective.”

Top challenges CISO are facing and what keeps him up at night

Chris’ take on the top challenges of CISOs are:

1) Visibility: CISOs need to have visibility of all their network endpoints to know the location of their risks.

2) Too many tools, too much inefficiency: Particularly in big organisations, CISOs can have too many security technologies in place. These could just be at 30 to 40 percent capacity.

3) Regulatory and compliance: This includes data privacy, which continues to be a huge concern for CISOs.

So for startups, offering to add another security tech to the mix might not be ideal. Instead, offer something that could give CISOs the visibility they need and could make make existing systems more effective, while ensuring regulatory needs are met.

As security people, we have one job and one job only, and that is to protect the people around us.”

Rather than throwing in and relying on more technology to secure systems, he feels there is a need to take a step back: “We’re so focused on tech, we forget about the humans and processes,” and added that we should instead ask this: “What can I do to help?”

Watch the video of the whole conversation including the interactive Q&A at the end:

 

 

Interview with Sai Venkataraman, CEO and co-founder of SecurityAdvisor

We spoke to Sai Venkataraman of SecurityAdvisor, an ICE71 Scale startup, on how the startup came about, the gaps seen in human firewalls, and more.

1) Tell us more about yourself and your role at Security Advisor. 

I am one of the co-founders and CEO of SecurityAdvisor. Previously I was a VP at Fortscale, a pioneering UEBA firm acquired by RSA, and I was a director for product management at Intel Security/McAfee. I also spent several years at Bain and Company as a management consultant.  

2) How did the idea for Security Advisor come about?

My co-founders and I who were in senior product roles at McAfee started this company together. As colleagues, we would discuss how each of our products were producing hundreds of thousands of cybersecurity incident alerts, a scale impossible for most enterprises and mid-market companies to handle. And human actions caused most of these incidents, as it’s the human who falls victim to phishing, clicks on different links, and shares the data. 

Back then, the only choice a CISO had to reduce the number of incidents and improve cybersecurity was to conduct user training, and users hate this. So we wanted to come up with something more intelligent that could be a personalised cybersecurity advisor to the human, a “Siri” for cybersecurity. We wanted to provide micro-messages to users to help them avoid common cybersecurity errors.

That’s how SecurityAdvisor came about.   

3) There’s been a lot of talk around building human firewalls. And yet there are still cyber breaches happening due to lack of employee cyber awareness. What is the greatest gap you see here and what is the one thing organisations need to know to narrow this gap?

We looked at this problem we faced in our own work life. We used to take training modules, and found that we never paid attention. Today, building human firewalls mean cybersecurity training. But people can find such training a chore and administrators cannot properly measure training ROI. This is the biggest weakness around most human firewall initiatives, the reliance on training and the time required to train users. Is it possible to engage users without having to train them, for example, through personalized tips that are relevant, AI-based and take less than 30 seconds? Can we save time for both the employee and the organization?

4) Can you share a use case or two with your solution?

We provide quantifiable security outcomes. For example, with one of our first customers, we reduced monthly detected infections by 99%. Our technology integrated with their endpoint security solution, Palo Alto Traps, and identified certain high risk users who kept getting infected every month. We found the root causes of these infections to be human actions around clicking on risky emails, or certain online behaviors. We then rolled out a contextual and almost real-time security awareness training program for users who kept getting infected. Over the next 3 months, 50% of the users who were getting infected became secure and 99% of the infections went away. 

The above example is just one use case. We can drive secure human behavior in positive ways too, like turning on two-factor authentication, using rights management tools or sharing data safely with the right permissions. We can also reduce data leakage, malware and phishing click rate, among other things.

5) Describe cybersecurity in 30 words.

Cybersecurity is about technology (AV, Firewall, SIEM etc.), processes and most importantly, people. The carbon-based parts of your network are as important as its technology.   

Security Advisor is an ICE71 Scale startup. Learn more about SecurityAdvisor at securityadvisor.io and more about ICE71 Scale at ranosys.net/client/ice_71/scale

 

ICE71 featured on CNA’s “Secret Wars: Conflict in Cyberspace”

Watch the 2-minute ICE71 feature from 34:59 onwards!

Featured ICE71 leaders:
Edgar Hardless, CEO of Singtel Innov8
Prof Chee Yeow Meng, Associate VP, Innovation & Enterprise, National University of Singapore

Featured ICE71 Inspire 4 participants:
Terrence Tan, Jennie Duong

Episode summary:
Cyber & physical worlds collide as cyber attacks damage nuclear facilities and kinetic attacks provoke cyber attacks. As cyber warfare lacks rules, blurs war & peace and endangers civilians, the world needs new international laws, alliances, and enterprises to grapple with state-led cyber attacks. Singapore is marshalling its youth and innovation to grow a cyber defence ecosystem.

Watch this Secret Wars episode on CNA’s YouTube channel.

About the Secret Wars series: Cyberspace is a hidden battlefield where nations wage secret wars. Nations use cyber operations to steal information, spread falsehoods, puppeteer societies into conflict and disrupt the infrastructure, businesses and services we rely on. In today’s interconnected society, no one is safe from cyber warfare. This series explores the ways countries can be held hostage in the face of cyber terrorism.

Source: CNA

 

COVID-19: Security challenges of remote working

As countries around the world undergo semi- to complete lockdowns, employees are increasingly working from home to adhere to national health measures. However, this shift has presented several security challenges.

Zoombombing

Use of Zoom video conferencing has surged since the dawn of COVID-19 as organisations scramble to continue business-as-usual meetings online. The platform recently drew a lot of flak for its security issues, with the most recent being Zoombombing where uninvited people break into and disrupt business meetings.

Closer to home, the Ministry of Education recently banned the use of Zoom when obscene images appeared during home-based learning through the video conferencing platform.

Home network security isn’t as robust

Accessing work files or emails through a home WiFi adds another security variable – these networks aren’t typically as sophisticated or secure as office networks. They don’t have firewalls or threat detection systems in place, for example.

“Many organizations would kick in their Business Continuity Plans (BCP) where ‘work from home’ and telecommuting would form the cornerstone of their response. This, however, presents a whole new set of risks associated with unsecured and untrusted remote networks, giving hackers opportunities to access organizations’ data and assets. Hackers can leverage rogue wireless access points, deploy malware to harvest credentials and other sensitive data. Even with VPN access, hackers could exploit vulnerabilities and breach poorly secured client devices. Perimeter defence with network protection is just one aspect of cybersecurity. We recommend businesses take a proactive approach: know the risks and threats before a cyberattack takes place. Businesses should have the ‘hacker’s view’, and join the dots between threat actors, motive and campaign,” says Ritesh Kumar, Chairman and CEO of Cyfirma.

Large corporations have security measures such as VPN tools in place, but that may not be the case for smaller businesses. That said, even leading corporate VPNs have vulnerabilities. And it takes pure diligence on the IT teams’ end to promptly patch these security flaws.

Cloud security challenges

Cloud computing is taking center stage for many organisations during this period, but accessing business resources conveniently from the cloud comes with a price – an even greater need for a secure cloud infrastructure, and the right process controls that go with it.

Unfortunately, many companies aren’t there yet when it comes to cloud adoption.  There are security considerations in terms of proper workforce training, identity and access management, cloud data loss, cloud misconfiguration and others.

Some companies, however, are ahead of the pack. Steve Ng, VP of Digital Operations at Mediacorp, shares: “Fortunately for our Digital Group, we have adopted and have been operating on Cloud technologies for many years. We have security best practices in place, continuous monitoring and alerting, and people trained to operate from anywhere. Accessing corporate services is also a breeze. We have security best practices and solutions in place to ensure safety and ease of use for all employees.”

Need for remote incident handling

Remote working doesn’t mean IT and risk teams should lose their grip on handling cybersecurity breaches or incidents.

Having an incident response playbook may help here. “You should be able to easily manage a cyber incident sitting at home and using a mobile. Quickly come up with tasks needed to handle an incident and assign it to your team. Use a playbook which gives step-by-step instructions to handle the attack,” says Venkat Ramshet, founder of FlexibleIR.

 

The CISO Conundrums, Part 4: Metrics

In the final part of our 4-part “The CISO Conundrums” series, we explore success metrics challenges that CISOs face.

Measuring success

Peter Drucker said, “if you can’t measure it, you can’t improve it.” And you also wouldn’t be able to tell how well you did either. In the CISOs’ case, it’s often difficult to find appropriate metrics and measure business alignment.

According to thycotic’s report that touches on how CISOs set key metrics and manage business alignment – 52% of survey respondents are struggling to align security initiatives to business goals, and 28% don’t have a clear understanding on the success metrics used by rest of the business departments.

CISOs would be seen as effective and could be successful in their cybersecurity initiatives if they can clearly demonstrate how these initiatives contribute to business success. Part of doing this well includes being great listeners and understanding what it takes for the broader part of the business to succeed.

Justifying costs

When it comes to justifying costs to purchase or improve an existing security solution before any incident happens, CISOs face an uphill battle. It’s usually when a real attack or incident happens that all eyes turn to a CISO – then in a blink of an eye, he or she becomes empowered to spend what is needed to mitigate the breach. 

Lenny Zeltser, CISO at Axonius suggests risk, cost and context to be areas a CISO should cover when trying to build up a proactive business case for justifying spending that can enhance the organisation’s security posture.

It’s challenging to get mindshare at the board level when reporting on a technical area like cybersecurity. What comes across as everyday language to CISOs – like “TLS”, “DNS”, “malware” and “ransomware” – may be foreign to CEOs and other C-level executives. And when people don’t understand what you are trying to do, you lose your chance to influence decisions.

Business people talk risk, numbers, and charts. In view of this, CISOs need to be able to translate their security efforts into digestible information that their colleagues and bosses can relate to. A Gartner report reveals 100% of CISOs at large enterprises are responsible for board-level reporting of cybersecurity and technology risk at least once a year.

Therefore CISOs need to get a better handle on how to clearly communicate their cybersecurity efforts in the context of potential business impact. Because should any security incident happen, CISOs need to be able to answer the question: “How badly will that impact our business, and how badly will it impact you?”

Related articles:

The CISO Conundrums, Part 1: People and Culture

The CISO Conundrums, Part 2: Digitalisation – Cloud Migration & Data Security

The CISO Conundrums. Part 3: Third-party Ecosystem & Risks

 

For more content like this, follow us on web and our social channels.

COVID-19: More security trade shows cancelled, postponed or going virtual

Tons of trade shows around the world are impacted due to the coronavirus outbreak. Security trade shows aren’t spared – more of them are cancelled, postponed or going virtual.

Here’s a list of upcoming security events and their respective statuses that ZDNet has nicely put together (some information may have changed at time of posting):

FIRST CTI – March 9 to March 11, Zurich – Current status: Canceled.
Wild West Hacking Fest – March 10 to March 13, San Diego – Current status: Virtual.
Red Team Summit – March 11 to March 12, Menlo Park – Current status: Postponed to June 11-12.
Women in Cybersecurity – March 12 to March 14, Aurora (Colorado) – Current status: Canceled.
CiderSecurityCon – March 14 to March 15, Manheim (Germany) – Current status: Canceled.
Troopers – March 16 to March 20, Heidelberg (Germany) – Current status: Canceled.
ICS West (trade show) – March 17 to March 20, Las Vegas – Current status: Postponed to July, new date to be announced.
Cyber Security & Cloud Expo (trade show) – March 17 to March 18, London – Current status: Postponed, new date to be announced.
SecureWorld Philadelphia – March 18 to March 19, Philadelphia – Current status: Postponed, new date to be announced.
Pwn2Own CanSecWest (hacking contest) – March 18 to March 20, Vancouver – Current status: Optional remote-participation. Hackers participating in the Pwn2Own hacker contest can attend, but they can also ask content organizers to execute exploits on their behalf.
InfoSecurity Belgium – March 18 to March 19, Brussels – Current status: Postponed to May 27 – 28.
InsomniHack – March 19 to March 20, Geneva – Current status: Postponed to June 4 – June 5.
BSides Vancouver – March 22 to March 24, Vancouver – Current status: Postponed. New date to be announced later.
Fast Software Encryption – March 22 to March 26, Athens- Current status: Postponed. New date to be announced later.
Kernelcon – March 25 to March 28, Omaha – Current status: Virtual.
SecureWorld Boston – March 25 to March 26, Boston – Current status: Postponed, new date to be announced.
BSides Budapest – March 26, Budapest – Current status: Postponed to May 28.
WORP Summit – March 27 to March 29, Fort Washington, PA – Current status: Postponed to September 18-20.
Black Hat Asia – March 31 to April 3, Singapore – Current status: Postponed for September 29 – October 2.
BSidesCharm – April 4 to April 5, Baltimore – Current status: Proceeding as normal, but on adjusted rules. Remote speakers will be given the option to use video conferencing and avoid traveling to the conference.
BountyCon – April 4 to April 5, Singapore – Current status: Postponed to August 31.
FIRST TC – April 6 to April 8, Amsterdam – Current status: Postponed to next year.
GISEC – April 6 to April 8, Dubai – Current status: Postponed to September 1 – 3.
Kaspersky’s Security Analyst Summit – April 6 to April 9, Barcelona – Current status: Postponed for September. Exact date to be announced later.
BSides Austin – April 9 to April 10, Austin – Current status: Postponed to December 8 – 11.
DEF CON China – April 17 to April 19, Beijing – Current status: Postponed, new date to be announced.
Mediterranehack – April 18, Salerno – Current status: Postponed, to September 5.
Malware Analyst Conference – April 18, Padua – Current status: Postponed, to a later date.
Hack in the Box – April 20 to April 24, Amsterdam – Current status: Canceled.
InfiltrateCon – April 23 to April 24, Miami – Current status: Postponed to October.
Internet Freedom Festival – April 20 to April 24, Valencia – Current status: Canceled.
HardWear USA – April 27 to April 29, Santa Clara- Current status: Canceled.
Wallmart’s Sp4rkCon – May 2, Bentonville, Arizona – Current status: Postponed to October 3.
ISSA Summit – May 5 to May 8, Los Angeles – Current status: Postponed. New date to be announced at a later time.
THOTCON – May 8 to May 9, Chicago – Current status: Postponed to September 11-12.
Fortinet Accelerate – May 16 to May 21, New York – Current status: Canceled.
IEEE S&P – May 18 to May 20,San Francisco – Current status: Virtual.
NoName Con – May 21 to May 22, Kiev – Current status: Postponed to a date in the fall, to be announced.
CyCon – May 26 to May 29, Tallinn – Current status: Canceled.
Kids SecuriDay – May 30, Sydney – Current status: Postponed for later this year. New date to be announced.
Area41 – June 11 to June 12, Zurich – Current status: Postponed to June 2021, next year.
OWASP Global AppSec – June 15 to June 19, Dublin – Current status: Postponed to February 15-19, 2021.
BSides Liverpool – June 29, Liverpool – Current status: Postponed to later this year.

Source: ZDNet

How cybercriminals are taking advantage of COVID-19

The World Health Organization (WHO) has released an advisory warning of ongoing scams involving the COVID-19 outbreak. Cybercriminals are exploiting fear and uncertainty around the disease to carry out these scams.

According to Digital Shadows, an ICE71 Scale startup, the scams can be broadly split into the following three categories:

  1. Phishing and social engineering scams
  2. Sale of fraudulent or counterfeit goods
  3. Misinformation


Read the full article by Digital Shadows about this here.

Attivo Networks racks up over 5 cybersecurity industry recognitions

ICE71 Scale startup Attivo Networks has racked up a slew of new accolades.

They include:

  • Being listed as one of the “12 Best Network Detection and Response Solutions for 2020” by Network Monitoring Solutions Review
  • Winning six 2020 Cybersecurity Excellence Awards
  • Receiving five 2020 Infosec Awards from Cyber Defense magazine
  • Being named a recipient of the 2020 Cybersecurity Marketers of the Year award from The Cybersecurity Go To Market Dojo
  • Being included in CRN’s 2020 Security 100 List
  • Receiving the Trust Award for Best Deception Technology at the 2020 SC Awards (also, fellow ICE71 Scale Bitglass received the Trust Award for Best Cloud Computing Solution at the same awards)

The cybersecurity startup provides the ThreatDefend Platform, a network detection and response solution that provides deception technology for post-compromise threat detection and accelerated incident response.

3 things cybersecurity startups can do to reinvent business amid COVID-19

COVID-19: It’s here. It’s real. And it’s threatening the survival of startups. In this ICE71 Mentor Series webcast, Thibaut Briere, founder of Growth Marketing Studio, shares 3 actionable tips for cybersecurity startups to survive the coronavirus pandemic.

 

1. Work on your brand

Tell the world what you stand for by sharing the “why” of the work you are doing. This is especially important for startups. “It links back to the values of the founders,” said Thibaut.
 
Be very human as a brand. Reach out to people even if it wasn’t for business. Engage your customers, partners, suppliers, and employees. Thibaut said, “You could ask how the coronavirus situation has affected your contacts.”
Communication builds trust and top of mind recall that will pay dividends later. So get on the phone or connect with people through different channels like Slack and WhatsApp.
 

2. Uncover opportunities

Dedicate time to look for more opportunities. There are a few ways you can do this.
 
Diversify. “Cybersecurity startups tend to focus on one narrow part of the market. You need to diversify,” said Thibaut.
 
Are you a unicorn or cockroach startup? Unicorns are fast-growing startups. Cockroaches survive even in the most unfavourable conditions. If you are reading this, you are likely a cockroach startup. You need to be doing something different, and doing many things to sustain your business.
 
Reach out to your existing customers and try to see how else you can be of service. Find out other problems besides the one you already helped them solve.
 
Think ecosystem and partnerships. Search for good partners and join forces with them to meet a broader customer demand. You may not always have the solutions your customers need. More established or bigger security companies might.
 
Continue hanging out with other members in the ecosystem even if there were no business. Be interesting to your partners and customers. Good opportunities will come along the way.
 
Test new business ideas.The essence of growth marketing is about bridging sales, marketing and product. You run as many experiments as fast as you can, doubling efforts for ideas that work and shutting down those that don’t,” said Thibaut.
 
There are many online tools you can use to test your ideas but it’s tough. The complexity isn’t so much a technical one but in whether anybody needs more variety or new solutions.
 
You could reverse engineer problems you want to solve. For example, you can build a website landing page where you explain the problem you want to solve. You can run ad campaigns for testing, and generate website traffic or collect emails from your landing page. Then ask things like: “How many emails did the site capture?” or “How many people clicked on my ad?”. With sensible data, you could build a new business line that provides another revenue source.
 

3. Think ahead

It’s important to continue lead generation even during this COVID-19 period. Startups tend to lack a structured way to reach out to prospects. A purely digital approach is possible for generating leads when you can’t meet customers as often as before.
 
Thibaut suggests automation to increase cold outreach, especially for B2B cybersecurity businesses involving long sales cycles that can take up to two years. It’s important to generate demand now for the months ahead. He points out usage of LinkedIn: “You can enrich LinkedIn profiles with automated outreach and scale up your lead generation.”
 

He also recommends beefing up content marketing: “Educating people about cybersecurity is important as it’s a very technical area.”

Watch the full webcast:

Don’t miss the next ICE71 webcast! Stay tuned by joining the ICE71 community mailing list.